关键信息 CVE-2021-36802 Detail CVE Dictionary Entry: CVE-2021-36802 NVD Published Date: 08/04/2021 NVD Last Modified: 11/21/2024 Source: Rapid7, Inc. Description Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This issue was fixed in version 2.1.13 of the product. Metrics CVSS Version 3.x Severity and Vector Strings - Base Score: 6.5 MEDIUM - Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H References to Advisories, Solutions, and Tools URL: https://www.rapid7.com/blog/post/2021/07/27/multiple-open-source-web-app-vulnerabilities-fixed/ Source(s): CVE, Inc., Rapid7 Tag(s): Exploit, Third Party Advisory Weakness Enumeration CWE-ID: CWE-248 CWE Name: Uncaught Exception Source: Rapid7, Inc. Known Affected Software Configurations Configuration: cpe:2.3:a:akaunting:akaunting:::::::: Up to (including) 2.1.12 Change History 3 change records found show changes