How severe is CVE-2024-21491?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-21491?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2024-21491 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.

Related Vulnerabilities

CVE-2020-13185

MEDIUM

CVSS:6.5(Medium)

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attac...

CWE-2882020

CVE-2020-1637

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occ...

CWE-2882020

CVE-2020-17409

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmwar...

CWE-2882020

CVE-2020-27863

MEDIUM

CVSS:6.5(Medium)

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DVA-2800 and DSL-2888A routers. Authentication is not required to exploit thi...

CWE-2882020

CVE-2022-1067

MEDIUM

CVSS:6.5(Medium)

Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.

CWE-2882022

CVE-2022-23722

MEDIUM

CVSS:6.5(Medium)

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another exi...

CWE-2882022