Information Disclosure in Anjuta Document Manager Plugin by GNOME
CVE-2021-42522

7.5HIGH

Key Information:

Vendor: Gnome
Status: Gnome Anjuta
Vendor: CVE Published:; 25 August 2022

What is CVE-2021-42522?

Anjuta Document Manager has a vulnerability due to improper handling of the libxml2 API, resulting in potential information disclosure. The failure to release allocated memory by not invoking 'g_free()' on the output returned by 'xmlGetProp()' poses risks of unintended information leakage. Users of Anjuta should apply necessary updates to mitigate the security implications of this vulnerability.

Affected Version(s)

GNOME anjuta anjuta - 2.0.0

References

https://gitlab.gnome.org/GNOME/anjuta/-/issues/12

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 25, 2022
Vulnerability Reserved
Oct 15, 2021

Gnome

What is CVE-2021-42522?

Affected Version(s)

References

CVSS V3.1

Timeline