CVE-2021-44225

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property

References

Affected packages

Git / github.com/aio-libs/aiohttp

Affected ranges

Type: GIT
Repo: https://github.com/aio-libs/aiohttp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2c2172a13b0d04c5be206d204a66ab37d473369f

Affected versions

0.*

0.15.2

0.8.2

1.*

1.3.0

2.*

2.0.0

2.0.0rc1

2.0.1

2.0.2

2.0.3

2.0.3-1

2.0.4

2.0.5

2.0.6

2.0.7

4v0.*

4v0.21.6

v.*

v.0.6.5

v0.*

v0.1

v0.10.0

v0.10.1

v0.10.2

v0.11.0

v0.12.0

v0.13.0

v0.13.1

v0.14.0

v0.14.1

v0.14.2

v0.14.3

v0.14.4

v0.15.0

v0.15.1

v0.15.2

v0.15.3

v0.16.0

v0.16.1

v0.16.2

v0.16.3

v0.16.4

v0.16.5

v0.16.6

v0.17.0

v0.17.1

v0.17.2

v0.17.3

v0.17.4

v0.18.0

v0.18.1

v0.18.2

v0.18.3

v0.18.4

v0.19.0

v0.2

v0.20.0

v0.20.1

v0.20.2

v0.21.0

v0.21.0a0

v0.21.0a1

v0.21.0a2

v0.21.1

v0.21.2

v0.21.3

v0.21.4

v0.21.5

v0.21.6

v0.22.0

v0.22.0b0

v0.22.0b1

v0.22.0b2

v0.22.0b3

v0.22.0b4

v0.22.0b5

v0.22.0b6

v0.22.1

v0.22.2

v0.22.3

v0.22.4

v0.22.5

v0.3

v0.4

v0.4.1

v0.4.2

v0.5.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.7.0

v0.7.1

v0.7.2

v0.7.3

v0.8.0

v0.8.1

v0.8.3

v0.8.4

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.4

v1.0.5

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.2.0

v2.*

v2.1.0

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44225.json"