CVE-2021-41187 SQL Injection in DHIS2 Tracker API

🗓️ 01 Nov 2021 21:20:08Reported by GitHub_MType

SQL Injection in DHIS2 Tracker API found, affecting versions 2.32-2.3

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2021-41187	2 Nov 202101:34	–	circl
CNNVD	DHIS 2 SQL注入漏洞	1 Nov 202100:00	–	cnnvd
CVE	CVE-2021-41187	1 Nov 202121:20	–	cve
EUVD	EUVD-2021-28285	3 Oct 202520:07	–	euvd
NVD	CVE-2021-41187	1 Nov 202122:15	–	nvd
Prion	Sql injection	1 Nov 202122:15	–	prion
RedhatCVE	CVE-2021-41187	9 Jan 202608:54	–	redhatcve

[
  {
    "product": "dhis2-core",
    "vendor": "dhis2",
    "versions": [
      {
        "status": "affected",
        "version": ">= 2.32.0, < 2.32-EOS"
      },
      {
        "status": "affected",
        "version": ">= 2.33.0, < 2.33-EOS"
      },
      {
        "status": "affected",
        "version": ">= 2.34.0, < 2.34.7"
      },
      {
        "status": "affected",
        "version": ">= 2.35.0, < 2.35.8"
      },
      {
        "status": "affected",
        "version": ">= 2.36.0, < 2.36.4"
      }
    ]
  }
]

Source	Link
github	www.github.com/dhis2/dhis2-core/security/advisories/GHSA-fvm5-gp3j-c7c6

01 Nov 2021 21:20Current

9.1High risk

Vulners AI Score9.1

CVSS 3.18.1

EPSS0.00827

CWE-89