CVE-2021-32054
 
- Severity Score: 6.1 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.
Firely/Incendi Spark versions prior to 1.5.5-r4 lack Content-Disposition headers in certain situations, which can cause crafted files to be sent to clients in such a way that they are processed directly in the victim's web browser.
*Credits:
N/A
Timeline
- 2021-05-05 CVE Reserved
- 2021-05-14 CVE Published
- 2024-01-28 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-706: Use of Incorrectly-Resolved Name or Reference
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9941 | 2021-05-27 | |
https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4 | 2021-05-27 | |