CVE-2021-36377

CVE-2021-36377

EPSS 0.6%

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/