Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.
References
Link | Resource |
---|---|
https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 | Third Party Advisory |
https://github.com/rmccue/Requests/pull/421 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 May 2021, 03:06
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54 - Third Party Advisory | |
References | (MISC) https://github.com/rmccue/Requests/pull/421 - Patch, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:wordpress:requests:1.7.0:*:*:*:*:*:*:* cpe:2.3:a:wordpress:requests:1.6.0:*:*:*:*:*:*:* cpe:2.3:a:wordpress:requests:1.6.1:*:*:*:*:*:*:* |
27 Apr 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-27 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-29476
Mitre link : CVE-2021-29476
CVE.ORG link : CVE-2021-29476
JSON object : View
Products Affected
wordpress
- requests
CWE
CWE-502
Deserialization of Untrusted Data