CVE-2021-3152
N/A
N/A
Summary
Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.home-assistant.io/blog/2021/01/14/security-bulletin/
- https://www.home-assistant.io/blog/2021/01/22/security-disclosure/
References
- https://www.home-assistant.io/blog/2021/01/14/security-bulletin/
- https://www.home-assistant.io/blog/2021/01/22/security-disclosure/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.