First published: Wed Jul 06 2022
JFrog Artifactory prior to versions 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in the Users REST API endpoint. This issue affects: JFrog Artifactory versions before 7.36.1, versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41, versions prior to 6.23.38.
Credit: reefs@jfrog.com
Affected Software | Affected Version | How to fix |
---|---|---|
JFrog Artifactory | >=6.0.0 <6.23.38 | |
JFrog Artifactory | >=7.0.0 <7.29.8 | |
The vulnerability ID for this vulnerability is CVE-2021-45721.
CVE-2021-45721 has a severity rating of 6.1, which is classified as medium.
The affected software for CVE-2021-45721 is JFrog Artifactory versions prior to 7.29.8 and 6.23.38.
CVE-2021-45721 manifests as a Reflected Cross-Site Scripting (XSS) vulnerability through one of the XHR parameters in the Users REST API endpoint.
To fix CVE-2021-45721, it is recommended to update JFrog Artifactory to version 7.29.8 or later, or version 6.23.38 or later.