Fluid Attacks Database

Description

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 11	evolution-rss	=0.3.96-2 \|\| =0.3.96-3 \|\| =0.3.96-4

Aliases

1. CVE-2021-393612. NVD-2021-393613. OSV-DEBIAN-2021-393614. OSV-2021-393615. SECURITY-TRACKER-CVE-2021-39361

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.