Vulnerability Description
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Build Of Quarkus | < 2.7.5 |
| Redhat | Openshift Application Runtimes | 1.0 |
| Redhat | Smallrye Health | - |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-3914Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2018015Issue TrackingVendor Advisory
- https://access.redhat.com/security/cve/CVE-2021-3914Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2018015Issue TrackingVendor Advisory
FAQ
What is CVE-2021-3914?
CVE-2021-3914 is a vulnerability with a CVSS score of 6.1 (MEDIUM). It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
How severe is CVE-2021-3914?
CVE-2021-3914 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3914?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Quarkus, Redhat Openshift Application Runtimes, Redhat Smallrye Health.