CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-32698

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile36.82th
Published2021年6月21日
Last Modified2024年11月21日

Vulnerability Description

eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0.

Affected Platforms (CPE)

📦
Elabftw

Elabftw

< 4.0.0

References & Advisories

🔗 https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726
🔗 https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4
🔗 https://github.com/elabftw/elabftw/commit/3d2db4d3ad90b0915f29f05aeba41eaaf6a7c726
🔗 https://github.com/elabftw/elabftw/security/advisories/GHSA-mh6g-62p8-26m4

相关漏洞威胁

CVE-2021-438349.1

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows...

CVE-2019-121858.8

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in ...

CVE-2021-438338.1

eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows...

CVE-2021-411715.9

eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attac...