CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 32.5%

Racket is a general-purpose programming language and an ecosystem for
language-oriented programming. In versions prior to 8.2, code evaluated
using the Racket sandbox could cause system modules to incorrectly use
attacker-created modules instead of their intended dependencies. This could
allow system functions to be controlled by the attacker, giving access to
facilities intended to be restricted. This problem is fixed in Racket
version 8.2. A workaround is available, depending on system settings. For
systems that provide arbitrary Racket evaluation, external sandboxing such
as containers limits the impact of the problem. For multi-user evaluation
systems, such as the handin-server system, it is not possible to work
around this problem and upgrading is required.

github.com/racket/racket/commit/6ca4ffeca1e5877d44f835760ad89f18488d97e1
github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c
launchpad.net/bugs/cve/CVE-2021-32773
nvd.nist.gov/vuln/detail/CVE-2021-32773
security-tracker.debian.org/tracker/CVE-2021-32773
www.cve.org/CVERecord?id=CVE-2021-32773