CVE-2021-21409

Published on: 03/30/2021 12:00:00 AM UTC

Last Modified on: 05/12/2022 02:35:00 PM UTC

CVE-2021-21409 - advisory for GHSA-f256-j965-7f32

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Certain versions of Kudu from Apache contain the following vulnerability:

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.

  • CVE-2021-21409 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: URL Logo netty - netty version < 4.1.61.Final

CVSS3 Score: 5.9 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK HIGH NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED NONE HIGH NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60
Debian -- Security Information -- DSA-4885-1 netty www.debian.org
Depreciated Link
text/html
 URL Logo DEBIAN DSA-4885
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Oracle Critical Patch Update Advisory - April 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpuapr2022.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
March 2021 Apache Netty Vulnerabilities in NetApp Products | NetApp Product Security security.netapp.com
text/html
 URL Logo CONFIRM security.netapp.com/advisory/ntap-20210604-0003/
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Oracle Critical Patch Update Advisory - July 2021 www.oracle.com
text/html
 URL Logo MISC www.oracle.com//security-alerts/cpujul2021.html
Possible request smuggling in HTTP/2 due missing validation of content-length · Advisory · netty/netty · GitHub github.com
text/html
 URL Logo CONFIRM github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32
Oracle Critical Patch Update Advisory - October 2021 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpuoct2021.html
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Oracle Critical Patch Update Advisory - January 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpujan2022.html
Possible request smuggling in HTTP/2 due missing validation · Advisory · netty/netty · GitHub github.com
text/html
 URL Logo MISC github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409
Merge pull request from GHSA-f256-j965-7f32 · netty/[email protected] · GitHub github.com
text/html
 URL Logo MISC github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to > 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60
Pony Mail! lists.apache.org
text/html
 URL Logo MLIST [zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409
CVE - CVE-2021-21295 cve.mitre.org
text/xml
 URL Logo MISC cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 178527 Debian Security Update for netty (DSA 4885-1)
  • 179514 Debian Security Update for netty (CVE-2021-21409)
  • 239478 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 8 (RHSA-2021:2694)
  • 239479 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 7 (RHSA-2021:2693)
  • 239480 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6 (RHSA-2021:2692)
  • 239652 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3658)
  • 239653 Red Hat Update for Red Hat JBoss Enterprise Application Platform 7.4.1 (RHSA-2021:3656)
  • 239741 Red Hat Update for amq clients 2.9.1 release and (RHSA-2021:1511)
  • 240566 Red Hat Update for Satellite 6.11 Release (RHSA-2022:5498)
  • 960505 Rocky Linux Security Update for Satellite (RLSA-2022:5498)
  • 980348 Java (maven) Security Update for io.netty:netty-codec-http2 (GHSA-f256-j965-7f32)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheKuduAllAllAllAll
ApplicationApacheZookeeperAllAllAllAll
ApplicationApacheZookeeper3.5.10AllAllAll
Operating
System		DebianDebian Linux10.0AllAllAll
ApplicationNetappOncommand Api Services-AllAllAll
ApplicationNetappOncommand Workflow Automation-AllAllAll
ApplicationNettyNettyAllAllAllAll
ApplicationOracleBanking Corporate Lending Process Management14.2.0AllAllAll
ApplicationOracleBanking Corporate Lending Process Management14.3.0AllAllAll
ApplicationOracleBanking Corporate Lending Process Management14.5.0AllAllAll
ApplicationOracleBanking Credit Facilities Process Management14.2.0AllAllAll
ApplicationOracleBanking Credit Facilities Process Management14.3.0AllAllAll
ApplicationOracleBanking Credit Facilities Process Management14.5.0AllAllAll
ApplicationOracleBanking Trade Finance Process Management14.2.0AllAllAll
ApplicationOracleBanking Trade Finance Process Management14.3.0AllAllAll
ApplicationOracleBanking Trade Finance Process Management14.5.0AllAllAll
ApplicationOracleCoherence12.2.1.4.0AllAllAll
ApplicationOracleCoherence14.1.1.0.0AllAllAll
ApplicationOracleCommunications Brm - Elastic Charging Engine12.0.0.3AllAllAll
ApplicationOracleCommunications Cloud Native Core Console1.7.0AllAllAll
ApplicationOracleCommunications Cloud Native Core Policy1.14.0AllAllAll
ApplicationOracleCommunications Design Studio7.4.2.0.0AllAllAll
ApplicationOracleCommunications Messaging Server8.1AllAllAll
ApplicationOracleHelidon1.4.10AllAllAll
ApplicationOracleHelidon2.4.0AllAllAll
ApplicationOracleJd Edwards Enterpriseone ToolsAllAllAllAll
ApplicationOracleNosql DatabaseAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationOraclePrimavera GatewayAllAllAllAll
ApplicationQuarkusQuarkusAllAllAllAll
  • cpe:2.3:a:apache:kudu:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:apache:zookeeper:3.5.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Reddit Logo Icon /r/netcve CVE-2021-21409 2021-03-30 15:32:32
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report