CVE-2021-38165 - log

CVE-2021-38165 edited at 09 Aug 2021 16:30:50
References
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9
- https://bugs.archlinux.org/task/71764?getfile=20606
+ https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff
CVE-2021-38165 edited at 07 Aug 2021 19:40:29
References
https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9
+ https://bugs.archlinux.org/task/71764?getfile=20606
CVE-2021-38165 edited at 07 Aug 2021 19:22:21
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ HTParse in Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data or HTTP headers.
References
+ https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+ https://lynx.invisible-island.net/current/CHANGES.html#index-v2.9.0dev.9
Notes
CVE-2021-38165 created at 07 Aug 2021 19:19:47