CVE-2021-39213

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39213
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39213.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39213
Downstream
Related
  • GHSA-6w9f-2m6g-5777
Published
2021-09-15T17:15:10.337Z
Modified
2025-11-14T12:15:34.135011Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.

References

Affected packages

Git / github.com/glpi-project/glpi

Affected ranges

Type
GIT
Repo
https://github.com/glpi-project/glpi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
54502568d9d79c8695266e587a182dd85cf76f77

Affected versions

0.*

0.90
0.90-RC1
0.90-RC2
0.90-beta1
0.90-beta2
0.90.1

9.*

9.1
9.1-RC1
9.1-RC2
9.3-beta
9.4.0
9.4.0-beta
9.4.0-rc1
9.4.0-rc2
9.4.1
9.4.1.1
9.4.2
9.4.3
9.4.4
9.4.5
9.4.6
9.5.0
9.5.0-rc1
9.5.0-rc2
9.5.1
9.5.2
9.5.3
9.5.4
9.5.5