CVE-2021-39213: IP restriction on GLPI API Bypass with custom header injection
First published: Wed Sep 15 2021(Updated: )
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GLPI-PROJECT GLPI | >=9.1<9.5.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/weakness
- agent/author
- agent/severity
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/glpi-project
- canonical/glpi-project glpi
- version/glpi-project glpi/9.1