CVE-2021-21360: Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
(updated )
What kind of vulnerability is it? Who is impacted?
Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool.
References
- github.com/advisories/GHSA-jff3-mwp3-f8cw
- github.com/pypa/advisory-database/tree/main/vulns/products-genericsetup/PYSEC-2021-43.yaml
- github.com/zopefoundation/Products.GenericSetup
- github.com/zopefoundation/Products.GenericSetup/commit/700319512b3615b3871a1f24e096cf66dc488c57
- github.com/zopefoundation/Products.GenericSetup/security/advisories/GHSA-jff3-mwp3-f8cw
- nvd.nist.gov/vuln/detail/CVE-2021-21360
- pypi.org/project/Products.GenericSetup
Code Behaviors & Features
Detect and mitigate CVE-2021-21360 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →