{"vulnerability": "cve-2021-2135", "sightings": [{"uuid": "b4b74c41-f23e-493a-89df-a73acca19199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21353", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llpaxs4utj2p", "content": "", "creation_timestamp": "2025-03-31T21:02:06.420410Z"}, {"uuid": "cf6e5d81-6765-474d-b5ce-42cba760a4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2135", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-2135.yaml", "content": "", "creation_timestamp": "2025-12-06T04:16:04.000000Z"}, {"uuid": "390a94d7-ee01-4023-8d2a-5b7cb1a98a3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21358", "type": "seen", "source": "https://t.me/cibsecurity/25281", "content": "\u203c CVE-2021-21358 \u203c\n\nTYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:38:12.000000Z"}, {"uuid": "dbc29d07-aed3-49ce-9d56-cf2bd1e554dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2135", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m7lgxdvqlv2w", "content": "", "creation_timestamp": "2025-12-09T21:02:29.182976Z"}, {"uuid": "c03cd29e-d0b1-4f6f-ad87-85767c4fa012", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21353", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12168", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-21353\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)\n\ud83d\udd39 Description: Pug is an npm package which is a high-performance template engine.  In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1.  This advisory applies to multiple pug packages including \"pug\", \"pug-code-gen\".  pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.\n\ud83d\udccf Published: 2021-03-03T01:50:18\n\ud83d\udccf Modified: 2025-04-16T22:10:03.957Z\n\ud83d\udd17 References:\n1. https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr\n2. https://github.com/pugjs/pug/issues/3312\n3. https://github.com/pugjs/pug/pull/3314\n4. https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0\n5. https://github.com/pugjs/pug/releases/tag/pug%403.0.1\n6. https://www.npmjs.com/package/pug\n7. https://www.npmjs.com/package/pug-code-gen", "creation_timestamp": "2025-04-16T22:57:50.000000Z"}, {"uuid": "f53e02bb-b732-4698-9abb-07ac4e9b565f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21359", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12668", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23500\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.\n\ud83d\udccf Published: 2022-12-14T07:07:05.039Z\n\ud83d\udccf Modified: 2025-04-21T14:54:11.819Z\n\ud83d\udd17 References:\n1. https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h", "creation_timestamp": "2025-04-21T15:02:46.000000Z"}, {"uuid": "f9883956-217a-4664-9e6e-a3ec7c47cd1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21354", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/24576", "content": "\u203c CVE-2021-21354 \u203c\n\nPollbot is open source software which \"frees its human masters from the toilsome task of polling for the state of things during the Firefox release process.\" In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of \"https://pollbot.services.mozilla.com/\". An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: \"https://pollbot.services.mozilla.com//evil.com/\". Affected versions will redirect to that website when you inject a payload like \"//evil.com/\". This is fixed in version 1.4.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-08T22:50:41.000000Z"}, {"uuid": "360f7541-78f8-41a0-9297-6aeae6135e47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21359", "type": "seen", "source": "https://t.me/cibsecurity/25276", "content": "\u203c CVE-2021-21359 \u203c\n\nTYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:38:05.000000Z"}, {"uuid": "d259bf4c-d51d-49bb-8783-a4f6e9ec8e1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21357", "type": "seen", "source": "https://t.me/cibsecurity/25274", "content": "\u203c CVE-2021-21357 \u203c\n\nTYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:38:01.000000Z"}, {"uuid": "6d0cfab7-6e06-4758-8188-4b6fe7c80bc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21355", "type": "seen", "source": "https://t.me/cibsecurity/25272", "content": "\u203c CVE-2021-21355 \u203c\n\nTYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:37:59.000000Z"}, {"uuid": "8ef72f1a-db43-4238-af7c-bbeb9447e905", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21350", "type": "seen", "source": "https://t.me/cibsecurity/25271", "content": "\u203c CVE-2021-21350 \u203c\n\nXStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:37:58.000000Z"}, {"uuid": "f5e73100-d880-4636-8a22-f8c81b119819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21351", "type": "seen", "source": "https://t.me/cibsecurity/25270", "content": "\u203c CVE-2021-21351 \u203c\n\nXStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-23T06:37:57.000000Z"}, {"uuid": "1a6b2ed0-a27c-426d-84c0-a65a337063b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21350", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3127", "content": "#Threat_Research \n1. In-depth analysis of the Xstream deserialization RCE vulnerability (PoCs for CVE-2021-21345, CVE-2021-21347, CVE-2021-21350, CVE-2021-21351)\nhttp://blog.topsec.com.cn/xstream\u53cd\u5e8f\u5217\u5316\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u6df1\u5165\u5206\u6790\n2. Cisco RV34X Series:\n- RV34X /upload Authorization Bypass (CVE-2021-1472)\n- RV34X OS Command injection in Cookie string (CVE-2021-1473)\nhttps://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution", "creation_timestamp": "2021-04-15T11:02:09.000000Z"}, {"uuid": "2427f992-4da6-4ce3-9eb2-c78825269e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-21351", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3127", "content": "#Threat_Research \n1. In-depth analysis of the Xstream deserialization RCE vulnerability (PoCs for CVE-2021-21345, CVE-2021-21347, CVE-2021-21350, CVE-2021-21351)\nhttp://blog.topsec.com.cn/xstream\u53cd\u5e8f\u5217\u5316\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u6df1\u5165\u5206\u6790\n2. Cisco RV34X Series:\n- RV34X /upload Authorization Bypass (CVE-2021-1472)\n- RV34X OS Command injection in Cookie string (CVE-2021-1473)\nhttps://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution", "creation_timestamp": "2021-04-15T11:02:09.000000Z"}]}