CVE-2021-38165 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Information disclosure
Description	HTParse in Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2261	lynx	2.8.9-3	2.8.9-4	High	Fixed	FS#71764

Date	Advisory	Group	Package	Severity	Type
10 Aug 2021	ASA-202108-9	AVG-2261	lynx	High	information disclosure

References
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9 https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff

References

https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9
https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff