CVE-2021-24374: Exposure of Resource to Wrong Sphere

June 21, 2021 (updated February 4, 2023)

The Jetpack Carousel module of the JetPack WordPress plugin allows users to create a carousel type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

References

nvd.nist.gov/vuln/detail/CVE-2021-24374

Code Behaviors & Features

Detect and mitigate CVE-2021-24374 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →