CVE-2021-42574

🗓️ 01 Nov 2021 00:36:21Reported by redhat.comType

Flaw in Unicode standards implementation for text rendering in development environments leading to potential deception of human reviewers by malicious patch containing well-placed BiDi characters

Reporter	Title	Published	Views	Family All 368
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.	16 May 202206:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	29 Apr 202502:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture is using components with known vulnerabilities	31 Mar 202214:40	–	ibm
GithubExploit	Exploit for Code Injection in Unicode	30 Jun 202122:06	–	githubexploit
GithubExploit	Exploit for Code Injection in Unicode	15 Mar 202611:56	–	githubexploit
GithubExploit	Exploit for Code Injection in Unicode	31 Jan 202318:15	–	githubexploit
Tenable Nessus	Amazon Linux 2022 : cpp, gcc, gcc-c++ (ALAS2022-2022-057)	6 Sep 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2022 : gcc (ALAS2022-2022-222)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : cpp, gcc, gcc-c++ (ALAS2023-2023-030)	21 Mar 202300:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-42574
trojansource	www.trojansource.codes/
lightbluetouchpaper	www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/
unicode	www.unicode.org/reports/tr36/
unicode	www.unicode.org/reports/tr39/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

04 Aug 2024 10:10Current

2.3Low risk

Vulners AI Score2.3

CVSS 25.1

CVSS 3.18.3 - 8.5

EPSS0.24988

SSVC