How severe is CVE-2021-21392?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2021-21392?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2021-21392

MEDIUM Year: 2021

CVSS v3 Score

6.3

Medium

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds.

CVE-2019-4035

MEDIUM

CVSS:6.3(Medium)

IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to t...

CWE-6012019

CVE-2021-23888

MEDIUM

CVSS:6.3(Medium)

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which c...

CWE-6012021

CVE-2025-3522

MEDIUM

CVSS:6.3(Medium)

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine fi...

CWE-6012025

CVE-2024-9387

MEDIUM

CVSS:6.4(Medium)

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a giv...

CWE-6012024

CVE-2005-10001

MEDIUM

CVSS:6.1(Medium)

A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The mani...

CWE-6012005

CVE-2005-4206

MEDIUM

CVSS:6.1(Medium)

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks ...

CWE-6012005

CVE-2021-21392

Vulnerability Description

Related Vulnerabilities

CVE-2019-4035

CVE-2021-23888

CVE-2025-3522

CVE-2024-9387

CVE-2005-10001

CVE-2005-4206