CVE-2021-21823

HIGH

Komoot < 11.1.11 - Information Disclosure

Title source: rule

Description

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information.

References (1)

[Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2021-1288

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-359 CWE-200

Status published

Products (1)

komoot/komoot 10.26.9 - 11.1.11

Published Aug 20, 2021

Tracked Since Feb 18, 2026