Skip to main content

Arangodb

2 CVEs product

Monthly

CVE-2021-25940 HIGH PATCH This Week

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Arangodb
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2021-25938 MEDIUM POC PATCH This Month

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Arangodb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
EPSS 1% CVSS 8.0
HIGH PATCH This Week

In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Arangodb
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Arangodb
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy