CVE-2021-39302

on github

Published

August 19, 2021

Severity

CVSS v3:

9.8 CRITICAL

CVSS v2:

6.8 MEDIUM

Description

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.

References

https://github.com/MISP/MISP/commit/20d9020b76d1f6790c4d84e020d0cc97c929f66b

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp:2.4.148:::::::*	n/a	n/a	2.4.148

External Links

NVD - CVE-2021-39302