Unrated severityNVD Advisory· Published Aug 22, 2021· Updated Aug 4, 2024
CVE-2021-39360
CVE-2021-39360
Description
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- GNOME/libzapojitdescription
- Range: <=0.0.3
- osv-coords5 versionspkg:rpm/opensuse/libzapojit&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/libzapojit&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/libzapojit&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libzapojit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/libzapojit&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3
< 0.0.3-150000.3.5.1+ 4 more
- (no CPE)range: < 0.0.3-150000.3.5.1
- (no CPE)range: < 0.0.3-150000.3.5.1
- (no CPE)range: < 0.0.3-5.3.1
- (no CPE)range: < 0.0.3-5.3.1
- (no CPE)range: < 0.0.3-150000.3.5.1
Patches
Vulnerability mechanics
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDXCHOCVP3VSAKDBQSLER2DQHFIOUHAT/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNSIMQXP6VQWJXI7VW7ZCLCS4NWW465T/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UG7TUICJM4QJHI4QJ2RHOSQE2QWD3KO3/mitrevendor-advisoryx_refsource_FEDORA
- blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/mitrex_refsource_MISC
- gitlab.gnome.org/GNOME/libzapojit/-/issues/4mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.