CVE-2021-4138

MEDIUM

geckodriver < 0.30.0 - Server-Side Request Forgery via Host Header

Title source: llm
STIX 2.1

Description

Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname.

References (2)

Core 2
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/mozilla/geckodriver/releases/tag/v0.30.0
Issue Tracking, Permissions Required, Third Party Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1652612

Scores

CVSS v3 5.3
EPSS 0.0020
EPSS Percentile 41.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

Status published
Products (1)
mozilla/geckodriver < 0.30.0
Published May 02, 2022
Tracked Since Feb 18, 2026