CVE-2021-28681
Authorization bypass in github.com/pion/webrtc/v3
5.3
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow an attacker who holds the ICE password, but not a valid certificate, to bypass this restriction.
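The defect class is a swallowed error: verification fails, nothing propagates it, and the transport is left in a state that looks connected. The Go sketch below is an added illustration, not code from the advisory or from pion/webrtc. It models the vulnerable handshake beside the fixed one using only standard-library types; `transport`, `State`, `verifyPeer` and the handshake functions are constructed names, and `fingerprintMatches` stands in for the real certificate check. The application-side guard in `Send` is the check the description says affected users were missing (in pion/webrtc the equivalent signal is the connection-state change callback on the peer connection and DTLS transport).

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// State of the modelled DTLS transport (constructed, not pion's types).
type State int

const (
	StateNew State = iota
	StateConnected
	StateFailed
)

func (s State) String() string {
	return [...]string{"new", "connected", "failed"}[s]
}

var errCertVerify = errors.New("dtls: peer certificate verification failed")

// transport is a stand-in for a DTLS transport: the handshake outcome is
// recorded in state and guards every later use of the connection.
type transport struct {
	mu     sync.Mutex
	state  State
	closed bool
}

// verifyPeer models checking the peer certificate against the fingerprint
// signalled in the SDP; the caller supplies whether it matched.
func verifyPeer(fingerprintMatches bool) error {
	if !fingerprintMatches {
		return errCertVerify
	}
	return nil
}

// handshakeVulnerable reproduces the advisory's error-handling defect: the
// verification failure is logged but not returned, the transport is marked
// Connected anyway, and the connection stays usable.
func handshakeVulnerable(t *transport, fingerprintMatches bool) error {
	t.mu.Lock()
	defer t.mu.Unlock()
	if err := verifyPeer(fingerprintMatches); err != nil {
		fmt.Println("warning:", err) // error swallowed here
	}
	t.state = StateConnected
	return nil
}

// handshakeFixed propagates the error, marks the transport Failed and
// closes it so that no later call can use it.
func handshakeFixed(t *transport, fingerprintMatches bool) error {
	t.mu.Lock()
	defer t.mu.Unlock()
	if err := verifyPeer(fingerprintMatches); err != nil {
		t.state = StateFailed
		t.closed = true
		return err
	}
	t.state = StateConnected
	return nil
}

// State reports the current transport state (the value a caller should check).
func (t *transport) State() State {
	t.mu.Lock()
	defer t.mu.Unlock()
	return t.state
}

// Send is the application-side guard: refuse to use a transport that is
// not Connected or has been closed.
func (t *transport) Send(payload []byte) error {
	t.mu.Lock()
	defer t.mu.Unlock()
	if t.closed || t.state != StateConnected {
		return fmt.Errorf("dtls transport not usable (state=%v)", t.state)
	}
	// A real transport would write payload to the wire here.
	_ = payload
	return nil
}

func main() {
	// Constructed scenario: the peer completed ICE (knows the password) but
	// presented a certificate whose fingerprint does not match the SDP.
	v := &transport{}
	_ = handshakeVulnerable(v, false)
	fmt.Println("vulnerable: state =", v.State(), "send err =", v.Send([]byte("hi")))

	f := &transport{}
	err := handshakeFixed(f, false)
	fmt.Println("fixed: handshake err =", err, "| state =", f.State(), "| send err =", f.Send([]byte("hi")))
}
```

Running it shows the vulnerable path reporting `connected` and accepting the send even though verification failed, while the fixed path returns the verification error, reports `failed`, and rejects the send.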
How to fix CVE-2021-28681
To remediate CVE-2021-28681, upgrade the affected package to a fixed version below.
- upgrade to 3.0.15 or later
- upgrade to 3.0.15 or later
Is CVE-2021-28681 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.0.15
- from 0, < 3.0.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |