Medium severity 6.1 · NVD Advisory · Published Aug 22, 2022 · Updated Jun 17, 2026
CVE-2021-3639
Description
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
Affected products (20)
- mod_auth_mellon/mod_auth_mellon (description)
- osv-coords (18 versions), < 0.14.0-12.el8.1 + 17 more
  - pkg:rpm/almalinux/mod_auth_mellon (no CPE), range: < 0.14.0-12.el8.1
  - pkg:rpm/almalinux/mod_auth_mellon-diagnostics (no CPE), range: < 0.14.0-12.el8.1
  - pkg:rpm/opensuse/apache2-mod_auth_mellon&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/opensuse/apache2-mod_auth_mellon&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/opensuse/apache2-mod_auth_mellon&distro=openSUSE%20Tumbleweed (no CPE), range: < 0.19.0-1.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Enterprise%20Storage%207 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 0.16.0-8.6.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 0.16.0-8.6.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Manager%20Proxy%204.1 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 (no CPE), range: < 0.17.0-150200.5.7.1
  - pkg:rpm/suse/apache2-mod_auth_mellon&distro=SUSE%20Manager%20Server%204.1 (no CPE), range: < 0.17.0-150200.5.7.1
References (3)
- access.redhat.com/security/cve/CVE-2021-3639 (nvd; Patch, Third Party Advisory)
- github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 (nvd; Patch, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd; Issue Tracking, Third Party Advisory)