CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-43766

Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.8%

CVSS Severity

CVSS v3 Score 8.1

References

https://github.com/yandex/odyssey/issues/376%2C
https://www.postgresql.org/support/security/CVE-2021-23214/
https://github.com/yandex/odyssey/issues/376%2C
https://www.postgresql.org/support/security/CVE-2021-23214/

Products affected by CVE-2021-43766

Odyssey Project » Odyssey » Version: 1.1

cpe:2.3:a:odyssey_project:odyssey:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-43766

Products

Pricing

Contact Us