Lucene search

GitHub_MCVELIST:CVE-2021-41172

HistoryOct 26, 2021 - 2:00 p.m.

CVE-2021-41172 Self-XSS in AS_Redis

2021-10-2614:00:12

CWE-79

GitHub_M

www.cve.org

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is patched in version 0.5.

CNA Affected

[
  {
    "product": "AS_Redis",
    "vendor": "Medicean",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.5"
      }
    ]
  }
]

References

github.com/AntSword-Store/AS_Redis/issues/1

github.com/Medicean/AS_Redis/security/advisories/GHSA-j8j6-f829-w425

mp.weixin.qq.com/s/yjuG6DLT_bSRnpggPj21Xw

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for CVELIST:CVE-2021-41172