CVE-2021-41329

MEDIUM

Datalust Seq <2021.2.6259 - Info Disclosure

Title source: llm

Description

Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements.

References (2)

[Exploit, Third Party Advisory] https://github.com/datalust/seq-tickets/issues/1322

[Vendor Advisory] https://blog.datalust.co

Scores

CVSS v3 6.5

EPSS 0.0040

EPSS Percentile 61.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-682

Status published

Products (1)

datalust/seq < 2021.2.6259

Published Sep 27, 2021

Tracked Since Feb 18, 2026