CVE-2021-29476 — Deserialization of Untrusted Data in Requests

CWE-502 — Deserialization of Untrusted Data6 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.2%

top 15.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Rmccue Requests Debian Wordpress +1 more

Timeline

PublishedApr 27

Latest updateApr 29

Description

Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶Packagistrmccue/requests1.6.0 — 1.8.0

▶CVEListV5wordpress/requests>= 1.6.0, < 1.8.0

▶NVDwordpress/requests1.6.0, 1.6.1, 1.7.0+2

▶debiandebian/wordpress< wordpress 5.5.3+dfsg1-1 (bookworm)

▶Debianwordpress/wordpress< 5.5.3+dfsg1-1+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Insecure Deserialization of untrusted data in rmccue/requests↗2021-04-29

▶

OSV

Insecure Deserialization of untrusted data in rmccue/requests↗2021-04-29

▶

OSV

CVE-2021-29476: Requests is a HTTP library written in PHP↗2021-04-27

▶

VulnCheck

WordPress requests Deserialization of Untrusted Data↗2021

▶

📋Vendor Advisories

Debian

CVE-2021-29476: wordpress - Requests is a HTTP library written in PHP. Requests mishandles deserialization i...↗2021

▶