Home > Vulnerability Database > WS-2021-0420

Mend.io Vulnerability Database

WS-2021-0420

Good to know:

Date: November 9, 2021

Users or API keys with permission to expire verification codes could have expired codes that belonged to another realm if they guessed the UUID. Fixed in 1.1.2

Language: Go

Severity Score

3.1

Related Resources (2)

Url: https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-wx8q-rgfr-cf6v

Url: https://www.mend.io/vulnerability-database/WS-2021-0420

Severity Score

3.1

Weakness Type (CWE)

Code

CWE-17

Top Fix

Upgrade Version

Upgrade to version v1.1.2

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0420

Good to know:

Date: November 9, 2021

Language: Go

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?