CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28681
https://notcve.org/view.php?id=CVE-2021-28681
Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn't allow the user to continue if verification has failed.) Pion WebRTC versiones anteriores a 3.0.15, no eliminó apropiadamente la conexión DTLS cuando falló una comprobación del certificado. El PeerConnectionState se configuró para un fallo, pero un usuario podría ignorarlo y continuar usando PeerConnection. (Una implementación de WebRTC no debería permitir al usuario continuar si la comprobación ha fallado) • https://github.com/pion/webrtc/issues/1708 https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p • CWE-863: Incorrect Authorization •