CVE-2021-21439

Description

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions.

How to fix CVE-2021-21439

To remediate CVE-2021-21439, upgrade the affected package to a fixed version below.

—upgrade to 6.0.32-5 or later

Is CVE-2021-21439 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 6.0.32-5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2021-21439