CVE-2021-22897

CVSS v3 Score: 5.3 (Medium)
CVSS v2 Score: 4.3 (Medium)

Vulnerability Description

curl 7.61.0 through 7.76.1 exposes a data element to the wrong session because of a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers accidentally controls the set used by all transfers. In a worst-case scenario this weakens transport security significantly: a transfer that asked for strong ciphers can be negotiated with a weaker list chosen by unrelated code in the same process. Builds of libcurl that use any other TLS backend are not affected; the fix shipped in curl 7.77.0.
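The following is an added illustration of the defect class described above, not curl's own source: a per-transfer option kept in library-global static state (the vulnerable pattern) beside the per-handle storage that fixes it, plus a version-range check for the affected releases. The `easy_handle` struct, the function names and the cipher-suite strings are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libcurl code: models CVE-2021-22897's bug (a per-transfer
 * option stored in a single static variable) next to the corrected pattern,
 * and checks whether a curl version falls in the affected range.
 * Struct, function and cipher names below are hypothetical. */

#define CIPHER_LIST_MAX 256

/* Hypothetical stand-in for a libcurl easy handle (CURL *). */
struct easy_handle {
    char cipher_list[CIPHER_LIST_MAX];  /* used only by the fixed variant */
};

/* Vulnerable pattern: one static buffer for the whole library, so every
 * handle, and therefore every concurrent transfer, reads the same value. */
static char shared_cipher_list[CIPHER_LIST_MAX];

static void buggy_set_cipher_list(struct easy_handle *h, const char *list)
{
    (void)h;  /* the handle is ignored: the setting becomes process-wide */
    snprintf(shared_cipher_list, sizeof shared_cipher_list, "%s", list);
}

static const char *buggy_cipher_list_for(const struct easy_handle *h)
{
    (void)h;
    return shared_cipher_list;
}

/* Fixed pattern: the selection lives in the handle that set it. */
static void fixed_set_cipher_list(struct easy_handle *h, const char *list)
{
    snprintf(h->cipher_list, sizeof h->cipher_list, "%s", list);
}

static const char *fixed_cipher_list_for(const struct easy_handle *h)
{
    return h->cipher_list;
}

/* Replays the advisory's scenario: transfer A asks for a strong suite, then
 * transfer B, set up while A is still pending, asks for a weaker one.
 * Returns 1 if A would now be negotiated with B's list, 0 otherwise.
 * The cipher names are constructed sample strings. */
int transfer_a_gets_b_ciphers(int use_fixed)
{
    struct easy_handle a = { "" };
    struct easy_handle b = { "" };
    const char *a_wants = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
    const char *b_wants = "TLS_RSA_WITH_3DES_EDE_CBC_SHA";

    if (use_fixed) {
        fixed_set_cipher_list(&a, a_wants);
        fixed_set_cipher_list(&b, b_wants);
        return strcmp(fixed_cipher_list_for(&a), b_wants) == 0;
    }
    buggy_set_cipher_list(&a, a_wants);
    buggy_set_cipher_list(&b, b_wants);   /* silently overwrites A's choice */
    return strcmp(buggy_cipher_list_for(&a), b_wants) == 0;
}

/* Version-range check from the advisory: 7.61.0 through 7.76.1 are affected,
 * 7.77.0 is the first fixed release. Only Schannel builds are affected, so
 * pair this with the TLS backend named in the libcurl line of `curl -V`. */
int curl_version_affected(int major, int minor, int patch)
{
    long v = (long)major * 10000 + (long)minor * 100 + patch;
    return v >= 76100 && v <= 77601;
}

int main(void)
{
    printf("buggy: A negotiated with B's ciphers = %d\n", transfer_a_gets_b_ciphers(0));
    printf("fixed: A negotiated with B's ciphers = %d\n", transfer_a_gets_b_ciphers(1));
    printf("curl 7.76.1 affected = %d, curl 7.77.0 affected = %d\n",
           curl_version_affected(7, 76, 1), curl_version_affected(7, 77, 0));
    return 0;
}
```

The buggy variant is the whole bug in miniature: because `buggy_set_cipher_list` never touches the handle, the second caller's weaker list is what the first transfer ends up using. The fixed variant stores the list in the handle, so each transfer keeps the ciphers it asked for. On a real deployment, a Schannel build is only exposed if it is in the version range and the application sets CURLOPT_SSL_CIPHER_LIST on more than one handle with different values.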
