Vulnerability Details CVE-2021-32814
Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate critical files on the host's file system. This security bug has been patched in version 0.5.1. There are no known workarounds aside from upgrading.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.4
References
- https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17
- https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e
- https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7
- https://security.skytable.io/ve/s/00001.html
- https://github.com/skytable/skytable/blob/next/CHANGELOG.md#version-051-2021-03-17
- https://github.com/skytable/skytable/commit/38b011273bb92b83c61053ae2fcd80aa9320315c#diff-1cdcf1a793c71ec658782437e4da7e3a37042bc1e2c12545942e9a14679c4b7e
- https://github.com/skytable/skytable/security/advisories/GHSA-2hj9-cxmc-m4g7
- https://security.skytable.io/ve/s/00001.html
Products affected by CVE-2021-32814
-
cpe:2.3:a:skytable:skytable:0.1.0
-
cpe:2.3:a:skytable:skytable:0.2.0
-
cpe:2.3:a:skytable:skytable:0.3.0
-
cpe:2.3:a:skytable:skytable:0.3.1
-
cpe:2.3:a:skytable:skytable:0.3.2
-
cpe:2.3:a:skytable:skytable:0.4.0
-
cpe:2.3:a:skytable:skytable:0.4.1
-
cpe:2.3:a:skytable:skytable:0.4.2
-
cpe:2.3:a:skytable:skytable:0.4.3
-
cpe:2.3:a:skytable:skytable:0.4.4
-
cpe:2.3:a:skytable:skytable:0.4.5
-
cpe:2.3:a:skytable:skytable:0.5.0