{"vulnerability": "CVE-2021-4127", "sightings": [{"uuid": "f48cdd6d-9957-43a3-baa3-e00d2e085460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2659502", "content": "", "creation_timestamp": "2024-11-12T19:24:15.536378Z"}, {"uuid": "648460d0-e21c-49b3-a13c-1ff9686919c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113471442114730989", "content": "", "creation_timestamp": "2024-11-12T18:40:00.715502Z"}, {"uuid": "113e484e-5113-420a-8da1-2fa890f1bc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-11-12T21:10:02.000000Z"}, {"uuid": "ed8f4d4d-613e-4616-a8f0-5721b503337d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-30)", "content": "", "creation_timestamp": "2025-01-30T00:00:00.000000Z"}, {"uuid": "27055d37-8726-4dab-a509-13d8a50eb38e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-27)", "content": "", "creation_timestamp": "2025-01-27T00:00:00.000000Z"}, {"uuid": "5acf8f3b-eefc-4838-a27c-db226e6789fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-31)", "content": "", "creation_timestamp": "2025-01-31T00:00:00.000000Z"}, {"uuid": "af96c2ca-99b6-4270-8376-4ad9b522684f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-26)", "content": "", "creation_timestamp": "2025-01-26T00:00:00.000000Z"}, {"uuid": "bdb7eb78-3a4f-4291-a7bc-da19fd87b2a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-29)", "content": "", "creation_timestamp": "2025-01-29T00:00:00.000000Z"}, {"uuid": "f5c8b394-e7b7-42d2-9cd1-ca5fb7db1704", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-29)", "content": "", "creation_timestamp": "2025-01-29T00:00:00.000000Z"}, {"uuid": "9c795976-8fbf-41bb-98c3-a2cfbaad632b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-01)", "content": "", "creation_timestamp": "2025-02-01T00:00:00.000000Z"}, {"uuid": "c29af405-16c7-4a3f-beb2-9b63fa2e9f91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-01)", "content": "", "creation_timestamp": "2025-02-01T00:00:00.000000Z"}, {"uuid": "7685a89f-a732-4624-9ce3-1b3c141a7785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-01-28)", "content": "", "creation_timestamp": "2025-01-28T00:00:00.000000Z"}, {"uuid": "c26b5eac-3983-4509-8491-1d72cceb94d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-01-28)", "content": "", "creation_timestamp": "2025-01-28T00:00:00.000000Z"}, {"uuid": "542427aa-5329-412c-811c-aa17a0606fec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-09)", "content": "", "creation_timestamp": "2025-02-09T00:00:00.000000Z"}, {"uuid": "f22aecdd-9d3f-40f9-86fe-ed214b453f2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-05)", "content": "", "creation_timestamp": "2025-03-05T00:00:00.000000Z"}, {"uuid": "e67a73b2-7339-447a-a8e8-9071948b23a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-09)", "content": "", "creation_timestamp": "2025-03-09T00:00:00.000000Z"}, {"uuid": "9f3edd21-b560-48cb-b534-54e014b09fb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-15)", "content": "", "creation_timestamp": "2025-03-15T00:00:00.000000Z"}, {"uuid": "41f59f5e-edb0-4635-8af6-c4293d46690b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-15)", "content": "", "creation_timestamp": "2025-03-15T00:00:00.000000Z"}, {"uuid": "50a0c7df-7bc1-4907-a6dc-5ce7a4c2f272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "dabcc3bc-30ae-4933-a44a-aca492d9dea1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-15)", "content": "", "creation_timestamp": "2025-02-15T00:00:00.000000Z"}, {"uuid": "32e0a312-9a4f-4a18-bc78-5fc02e9e52b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-09)", "content": "", "creation_timestamp": "2025-03-09T00:00:00.000000Z"}, {"uuid": "87e3ac30-b4cf-4334-a38f-63219838d927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:11:01.000000Z"}, {"uuid": "898fefb4-432c-42c7-ad6f-914f00317ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-20)", "content": "", "creation_timestamp": "2025-04-20T00:00:00.000000Z"}, {"uuid": "483b560b-f161-4cbf-ac31-6408d530f876", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-17)", "content": "", "creation_timestamp": "2025-06-17T00:00:00.000000Z"}, {"uuid": "3bc71f1d-3d0b-4174-a0f4-f79ee2ec6edb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-04-12)", "content": "", "creation_timestamp": "2025-04-12T00:00:00.000000Z"}, {"uuid": "c79e9ee1-45ff-433a-9f46-3bacc0b56e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-01)", "content": "", "creation_timestamp": "2025-07-01T00:00:00.000000Z"}, {"uuid": "88c8c42f-5203-4025-a22f-729fd12fa68a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-04-24)", "content": "", "creation_timestamp": "2025-04-24T00:00:00.000000Z"}, {"uuid": "b146a48f-09e4-46e0-9ae8-b50dd5eafcb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-01)", "content": "", "creation_timestamp": "2026-01-01T00:00:00.000000Z"}, {"uuid": "18272979-ca47-495c-aaeb-e3d94270c7be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-06-02)", "content": "", "creation_timestamp": "2025-06-02T00:00:00.000000Z"}, {"uuid": "7394f466-4000-4860-b954-0335fece64c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-20)", "content": "", "creation_timestamp": "2025-07-20T00:00:00.000000Z"}, {"uuid": "83708d17-1081-4ef2-a48a-29a8ba474f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-25)", "content": "", "creation_timestamp": "2025-07-25T00:00:00.000000Z"}, {"uuid": "4f1a1e95-4955-4d6e-bfdf-2c6f8c31a5f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41278", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lyo5wachhi2g", "content": "", "creation_timestamp": "2025-09-12T21:02:25.170006Z"}, {"uuid": "472e8049-8e48-41ac-b1c7-4839e47d4a47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lordwbykcs25", "content": "", "creation_timestamp": "2025-05-09T21:15:54.053232Z"}, {"uuid": "89d4376a-2bfd-423b-b2e6-8821f5a07074", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lordwdagok25", "content": "", "creation_timestamp": "2025-05-09T21:15:54.699739Z"}, {"uuid": "56f65479-6936-4d02-846b-68597fde863f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-06-18)", "content": "", "creation_timestamp": "2025-06-18T00:00:00.000000Z"}, {"uuid": "b2dfab2d-6fe6-4d59-b1bf-226687df846d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-06)", "content": "", "creation_timestamp": "2026-01-06T00:00:00.000000Z"}, {"uuid": "ce76bae9-c044-4ef8-a43f-0574c6f1254d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-12)", "content": "", "creation_timestamp": "2026-01-12T00:00:00.000000Z"}, {"uuid": "cdf4cee6-3932-470e-b73e-087843354304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-01-11)", "content": "", "creation_timestamp": "2026-01-11T00:00:00.000000Z"}, {"uuid": "39742f19-2af3-4369-8e14-57dd7bf3051c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-22)", "content": "", "creation_timestamp": "2026-03-22T00:00:00.000000Z"}, {"uuid": "7c266bcb-366c-46c1-9f7b-3a3c24a2f954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-26)", "content": "", "creation_timestamp": "2026-03-26T00:00:00.000000Z"}, {"uuid": "ff0f2e8f-2a52-4b16-97a7-31292d68006e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-02)", "content": "", "creation_timestamp": "2026-04-02T00:00:00.000000Z"}, {"uuid": "1c8cb074-27c5-4c68-96a8-78bac98f6fd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-22)", "content": "", "creation_timestamp": "2026-03-22T00:00:00.000000Z"}, {"uuid": "a6f5743f-bb5e-4b5d-91a8-440f6824f008", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-27)", "content": "", "creation_timestamp": "2026-03-27T00:00:00.000000Z"}, {"uuid": "35b9ed79-a537-48a7-b06b-43a045d6469a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-20)", "content": "", "creation_timestamp": "2026-03-20T00:00:00.000000Z"}, {"uuid": "f1b15841-bf25-4bf2-8c6c-114470dc28ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-03-21)", "content": "", "creation_timestamp": "2026-03-21T00:00:00.000000Z"}, {"uuid": "0c1211ed-f0bf-4e43-b034-bc487fe823ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/318678a8-3f9f-4940-843d-ef7f2ce5abc2", "content": "", "creation_timestamp": "2026-02-02T12:26:22.530201Z"}, {"uuid": "fec8d615-02ec-4f54-9d9f-bcda3f36508b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "607c42e8-0d06-431a-b7f6-40548889e563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-03)", "content": "", "creation_timestamp": "2026-04-03T00:00:00.000000Z"}, {"uuid": "36f66f5c-ff4b-4323-9a5c-2464eabf27e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/cKure/8206", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day | CVE-2021-41277\n\ncat targets.txt | while read host do;do curl --silent --insecure --path-as-is \"$host/api/geojson?url=file:///etc/passwd\" | grep -qs \"root:x\" && echo \"$host \\033[0;31m Vulnerable\";done\n\nhttps://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr", "creation_timestamp": "2021-11-24T19:33:37.000000Z"}, {"uuid": "49bb9f28-fb82-4f4e-94a0-5471adcd7c9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "0a16a1d9-7a08-4423-b657-90e60e94ebbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-10)", "content": "", "creation_timestamp": "2026-04-10T00:00:00.000000Z"}, {"uuid": "20ba10c4-afb3-4b14-a8ec-08889157d4ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-11)", "content": "", "creation_timestamp": "2026-04-11T00:00:00.000000Z"}, {"uuid": "033e09eb-ed5f-43b3-a054-cb9e563e959e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1296", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aCVE-2021-41277 can be extended to an SSRF \nURL\uff1ahttps://github.com/sasukeourad/CVE-2021-41277_SSRF", "creation_timestamp": "2022-01-10T01:54:46.000000Z"}, {"uuid": "960e34d3-10a9-4c5a-9744-413295875e36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-12)", "content": "", "creation_timestamp": "2026-04-12T00:00:00.000000Z"}, {"uuid": "2d79375b-85ff-480d-9d5c-3af474f255f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1364", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aIt is a nmap script for metabase vulnerability (CVE-2021-41277)\nURL\uff1ahttps://github.com/frknktlca/Metabase_Nmap_Script", "creation_timestamp": "2022-01-19T17:45:18.000000Z"}, {"uuid": "dd7bc66b-aa06-48c0-881f-561857df4b18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/883", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2021\n\u63cf\u8ff0\uff1aPoC for CVE-2021-41277\nURL\uff1ahttps://github.com/tahtaciburak/CVE-2021-41277", "creation_timestamp": "2021-11-25T21:13:59.000000Z"}, {"uuid": "f970a88b-6ab6-4800-9e2a-822ac02df4db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/metabase_cve_2021_41277", "content": "", "creation_timestamp": "2021-12-01T07:22:50.000000Z"}, {"uuid": "1eb2528e-4892-4153-9763-94d503105677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-20)", "content": "", "creation_timestamp": "2026-04-20T00:00:00.000000Z"}, {"uuid": "9380e19c-f5d0-4cd1-a611-28c90e7389b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-24)", "content": "", "creation_timestamp": "2026-04-24T00:00:00.000000Z"}, {"uuid": "4a736028-3a94-43b4-841c-776bdc6e4fb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-16)", "content": "", "creation_timestamp": "2026-04-16T00:00:00.000000Z"}, {"uuid": "c82171de-abb4-4a29-8e38-4997a00c2f0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/hacker_trick/612", "content": "CVE-2021-41277 can be extended to an SSRF\nhttps://github.com/sasukeourad/CVE-2021-41277_SSRF\n\nSonicWall SMA-100 Unauth RCE \nExploit CVE-2021-20038\nhttps://github.com/jbaines-r7/badblood", "creation_timestamp": "2022-01-11T18:24:46.000000Z"}, {"uuid": "4cffa76b-02c3-4a23-a726-1c91427ec3dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://t.me/arpsyndicate/1564", "content": "#ExploitObserverAlert\n\nCVE-2021-41277\n\nDESCRIPTION: Exploit Observer has 50 entries related to CVE-2021-41277. Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you\u2019re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.\n\nFIRST-EPSS: 0.067680000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-08T13:01:21.000000Z"}, {"uuid": "c67a059f-3601-4572-8210-cec2453b8db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-4127", "type": "seen", "source": "https://t.me/cibsecurity/55151", "content": "\u203c CVE-2021-4127 \u203c\n\nAn out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:23:46.000000Z"}, {"uuid": "601f367d-8b62-4758-95f7-f9053ebbeafb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "Telegram/5u7FwDgfpeKuzG8ivHxniYFe1bK287W_1ULABUcApgjoyw", "content": "", "creation_timestamp": "2021-11-25T23:07:49.000000Z"}, {"uuid": "c68fdcae-5b4d-4c8c-b344-0c0455b06e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "Telegram/5gxatJpYVM_NPaPWX745N9ibdK_MxDhjygYPpnblnfkz7g", "content": "", "creation_timestamp": "2021-11-23T22:40:00.000000Z"}, {"uuid": "902a8773-da02-41b1-986a-009b58fee6fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41272", "type": "seen", "source": "https://t.me/cibsecurity/33892", "content": "\u203c CVE-2021-41272 \u203c\n\nBesu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contracts that ask for shifts between approximately 2 billion and 4 billion bits (nonsensical but valid values for the operation) will fail to execute and hence fail to validate. In networks where vulnerable versions are mining with other clients or non-vulnerable versions this will result in a fork and the relevant transactions will not be included in the fork. In networks where vulnerable versions are not mining (such as Rinkeby) no fork will result and the validator nodes will stop accepting blocks. In networks where only vulnerable versions are mining the relevant transaction will not be included in any blocks. When the network adds a non-vulnerable version the network will act as in the first case. Besu 21.10.2 contains a patch for this issue. Besu 21.7.4 is not vulnerable and clients can roll back to that version. There is a workaround available: Once a transaction with the relevant shift operations is included in the canonical chain, the only remediation is to make sure all nodes are on non-vulnerable versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-14T00:13:33.000000Z"}, {"uuid": "2c96067a-0fee-4d3e-b86b-0768cda461df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41279", "type": "seen", "source": "https://t.me/cibsecurity/32999", "content": "\u203c CVE-2021-41279 \u203c\n\nBaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-26T20:29:51.000000Z"}, {"uuid": "5307e376-8c15-407c-a762-9db6c6bd6f2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41270", "type": "seen", "source": "https://t.me/cibsecurity/32975", "content": "\u203c CVE-2021-41270 \u203c\n\nSymfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony versions 4.1.0 before 4.4.35 and versions 5.0.0 before 5.3.12 are vulnerable to CSV injection, also known as formula injection. In Symfony 4.1, maintainers added the opt-in `csv_escape_formulas` option in the `CsvEncoder`, to prefix all cells starting with `=`, `+`, `-` or `@` with a tab `\\t`. Since then, OWASP added 2 chars in that list: Tab (0x09) and Carriage return (0x0D). This makes the previous prefix char (Tab `\\t`) part of the vulnerable characters, and OWASP suggests using the single quote `'` for prefixing the value. Starting with versions 4.4.34 and 5.3.12, Symfony now follows the OWASP recommendations and uses the single quote `'` to prefix formulas and add the prefix to cells starting by `\\t`, `\\r` as well as `=`, `+`, `-` and `@`.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-24T22:27:41.000000Z"}, {"uuid": "f0131695-cdc5-480e-8dd0-1faf12303538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41278", "type": "seen", "source": "https://t.me/cibsecurity/32669", "content": "\u203c CVE-2021-41278 \u203c\n\nFunctions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk \u00e2\u20ac\u0153AES\u00e2\u20ac\ufffd transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an \u00e2\u20ac\u0153aes\u00e2\u20ac\ufffd transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expects due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the \u00e2\u20ac\u0153aes\u00e2\u20ac\ufffd transform and provides an improved \u00e2\u20ac\u0153aes256\u00e2\u20ac\ufffd transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new \"aes256\" transform.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T02:16:10.000000Z"}, {"uuid": "c50d1a47-d8c7-4ce4-8e0f-0f3202ae03a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://t.me/cibsecurity/32567", "content": "\u203c CVE-2021-41277 \u203c\n\nMetabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:20:55.000000Z"}, {"uuid": "50f61aee-5dd6-4cc4-9e68-622d3f5370ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41275", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/32557", "content": "\u203c CVE-2021-41275 \u203c\n\nspree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default). A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details. ### Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if `protect_from_forgery` method is both: * Executed whether as: * A before_action callback (the default) * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). * Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). That means that applications that haven't been configured differently from what it's generated with Rails aren't affected. Thanks @waiting-for-dev for reporting and providing a patch ? ### Patches Spree 4.3 users should update to spree_auth_devise 4.4.1 Spree 4.2 users should update to spree_auth_devise 4.2.1 ### Workarounds If possible, change your strategy to :exception: ```ruby class ApplicationController < ActionController::Base protect_from_forgery with: :exception end ``` Add the following to`config/application.rb `to at least run the `:exception` strategy on the affected controller: ```ruby config.after_initialize do Spree::UsersController.protect_from_forgery with: :exception end ``` ### References https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:15:07.000000Z"}, {"uuid": "9c4e1a8e-115d-4fde-9d65-de7052f1543f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41274", "type": "seen", "source": "https://t.me/cibsecurity/32543", "content": "\u203c CVE-2021-41274 \u203c\n\nsolidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if `protect_from_forgery` method is both: Executed whether as: A `before_action` callback (the default) or A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find). Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case the no strategy is given, but `rails --new` generated skeleton use `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T22:14:48.000000Z"}, {"uuid": "4cf6cf57-8033-4570-ad74-f386e6f5428c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41271", "type": "seen", "source": "https://t.me/cibsecurity/32467", "content": "\u203c CVE-2021-41271 \u203c\n\nDiscourse is a platform for community discussion. In affected versions a maliciously crafted request could cause an error response to be cached by intermediate proxies. This could cause a loss of confidentiality for some content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-17T16:20:35.000000Z"}, {"uuid": "cc71c2b6-7aa8-43cb-8951-d5f57e9db11d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1642", "content": "#CVE-2021\n\nIt is a nmap script for metabase vulnerability (CVE-2021-41277)\n\nhttps://github.com/frknktlca/Metabase_Nmap_Script\n\n@BlueRedTeam", "creation_timestamp": "2022-01-19T18:55:18.000000Z"}, {"uuid": "2d2b51fb-c371-40db-99c4-b18bb59a5586", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/4802", "content": "#exploit\nCVE-2021-41277:\nMetaBase Arbitrary File Read\nhttps://github.com/0x0021h/expbox/blob/main/CVE-2021-41277.yaml", "creation_timestamp": "2021-11-21T13:45:01.000000Z"}, {"uuid": "ad5a6427-0605-4c1c-bb7c-d8e60321dece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41277", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4889", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (Nov 1-30)\nCVE-2021-22205 - GitLab CE/EE RCE\nhttps://t.me/cybersecuritytechnologies/4602\nCVE-2021-30883 - iOS IOMFB Vuln\nhttps://t.me/cybersecuritytechnologies/4497\nCVE-2021-3064 - Memory Corruption in PAN-OS GlobalProtect Portal/Gateway Interfaces\nhttps://t.me/cybersecuritytechnologies/4724\nCVE-2021-41379 - Windows Installer LPE\nhttps://t.me/cybersecuritytechnologies/4813\nCVE-2021-42321 - MS Exchange Post-Auth RCE\nhttps://t.me/cybersecuritytechnologies/4809\nCVE-2021-40539 - Zoho ManageEngine Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/4718\nCVE-2021-41277 - MetaBase Arbitrary File Read\nhttps://t.me/cybersecuritytechnologies/4802\nCVE-2021-43267 - Remote Kernel Heap Overflow in TIPC\nhttps://t.me/cybersecuritytechnologies/4678\nCVE-2021-42574 - Unicode Bidirectional override vuln\nhttps://github.com/js-on/CVE-2021-42574\nhttps://github.com/pierDipi/unicode-control-characters-action\nCVE-2021-24084 - Windows MDM LPE\nhttps://t.me/cybersecuritytechnologies/4850", "creation_timestamp": "2021-12-03T11:00:35.000000Z"}]}