Fluid Attacks Database

Description

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libgda5	=5.2.10-1 \|\| =5.2.10-2 \|\| =5.2.10-3 \|\| =5.2.10-3.1 \|\| =5.2.10-3.1~exp1 \|\| =5.2.10-4 \|\| =5.2.10-4.1 \|\| =5.2.10-5 \|\| =5.2.10-6 \|\| =5.2.10-7 \|\| =5.2.10-8 \|\| =5.2.9-2	-
debian 13	libgda5	>=0 <5.2.10-5	5.2.10-5
debian 14	libgda5	>=0 <5.2.10-5	5.2.10-5
debian 12	libgda5	=5.2.10-3 \|\| =5.2.10-3.1 \|\| =5.2.10-3.1~exp1 \|\| =5.2.10-4 \|\| =5.2.10-4.1 \|\| =5.2.10-5 \|\| =5.2.10-6 \|\| =5.2.10-7 \|\| =5.2.10-8	-

Aliases

1. CVE-2021-393592. NVD-2021-393593. OSV-DEBIAN-2021-393594. OSV-2021-393595. SECURITY-TRACKER-CVE-2021-39359

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.