Published on: 09/15/2021 12:00:00 AM UTC
Last Modified on: 09/15/2021 06:10:58 PM UTC
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
- CVE-2021-39213 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: glpi-project - glpi version >= 9.1, < 9.5.6
CVSS3 Score: 6.8 - MEDIUM
|Release 9.5.6 · glpi-project/glpi · GitHub|| github.com |
|IP restriction on GLPI API Bypass with custom header injection · Advisory · glpi-project/glpi · GitHub|| github.com |
|@CVEreport||CVE-2021-39213 : GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to vers… twitter.com/i/web/status/1…||2021-09-15 17:13:24|