Vulnerability Details CVE-2021-36668
URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://druva.com
- https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before
- https://imhotepisinvisible.com/druva-lpe/
- http://druva.com
- https://docs.druva.com/Knowledge_Base/Security_Update/Security_Advisory_for_inSync_Client_7.0.1_and_before
- https://imhotepisinvisible.com/druva-lpe/
Products affected by CVE-2021-36668
-
cpe:2.3:a:druva:insync_client:*
-
cpe:2.3:a:druva:insync_client:-
-
cpe:2.3:a:druva:insync_client:6.0.1
-
cpe:2.3:a:druva:insync_client:6.1.0
-
cpe:2.3:a:druva:insync_client:6.1.1
-
cpe:2.3:a:druva:insync_client:6.2.0
-
cpe:2.3:a:druva:insync_client:6.5.0
-
cpe:2.3:a:druva:insync_client:6.5.1
-
cpe:2.3:a:druva:insync_client:6.5.2
-
cpe:2.3:a:druva:insync_client:6.6.0
-
cpe:2.3:a:druva:insync_client:6.6.1
-
cpe:2.3:a:druva:insync_client:6.6.2
-
cpe:2.3:a:druva:insync_client:6.6.3
-
cpe:2.3:a:druva:insync_client:6.6.4
-
cpe:2.3:a:druva:insync_client:7.0.0