Vulnerability Description
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fire.Ly | Spark | <= 1.5.4 |
Related Weaknesses (CWE)
References
- https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9PatchThird Party Advisory
- https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4PatchThird Party Advisory
- https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4Third Party Advisory
- https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9PatchThird Party Advisory
- https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4PatchThird Party Advisory
- https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4Third Party Advisory
FAQ
What is CVE-2021-32054?
CVE-2021-32054 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim'...
How severe is CVE-2021-32054?
CVE-2021-32054 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32054?
Check the references section above for vendor advisories and patch information. Affected products include: Fire.Ly Spark.