CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-46249

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile40.12th
Published2022年2月15日
Last Modified2024年11月21日

Vulnerability Description

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps.

Affected Platforms (CPE)

📦
Scratchoauth2 Project

Scratchoauth2

< 2021-04-12

References & Advisories

🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/d856dc704b2504cd3b92cf089fdd366dd40775d6
🔗 https://github.com/ScratchVerifier/ScratchOAuth2/commit/d856dc704b2504cd3b92cf089fdd366dd40775d6

関連する脆弱性情報

CVE-2021-4625010.0

An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067c64a allows attackers to authe...

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2021-462516.1

A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to...

CVE-2021-4155610.0

sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to ...