Vulnerability Details CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. (A WebRTC implementation shouldn't allow the user to continue if verification has failed.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.5%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2021-28681
- cpe:2.3:a:webrtc_project:webrtc:-