CVE-2021-42009
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Email relay in Apache Traffic Control in github.com/apache/trafficcontrol
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/apache/trafficcontrol | <5.1.3 | 5.1.3 |
| Go | github.com/apache/trafficcontrol | <5.1.3+incompatible | 5.1.3+incompatible |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-42009
- https://github.com/apache/trafficcontrol
- https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E
- https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E
- https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E
- http://www.openwall.com/lists/oss-security/2021/10/12/1
- https://github.com/advisories/GHSA-gw97-f6h8-gm94
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.