CVE-2021-22565

2021-12-0913:15:08

Google

osv.dev

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

CPENameOperatorVersion
exposure-notifications-verification-servereq0.1
exposure-notifications-verification-servereq0.33.1
exposure-notifications-verification-servereq0.5.0
exposure-notifications-verification-servereq0.30.0
exposure-notifications-verification-servereq0.35.2
exposure-notifications-verification-servereq0.20.0
exposure-notifications-verification-servereq1.1.0
exposure-notifications-verification-servereq1.1.1
exposure-notifications-verification-servereq0.32.0
exposure-notifications-verification-servereq0.28.0

Name	Operator	Version
exposure-notifications-verification-server	eq	0.1
exposure-notifications-verification-server	eq	0.33.1
exposure-notifications-verification-server	eq	0.5.0
exposure-notifications-verification-server	eq	0.30.0
exposure-notifications-verification-server	eq	0.35.2
exposure-notifications-verification-server	eq	0.20.0
exposure-notifications-verification-server	eq	1.1.0
exposure-notifications-verification-server	eq	1.1.1
exposure-notifications-verification-server	eq	0.32.0
exposure-notifications-verification-server	eq	0.28.0