CVE-2021-38712
7.5 HIGH
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents
Published: 2021-08-16 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 7.5 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-668
Affected products
| Vendor | Product |
|---|---|
| onenav | onenav |
Description
OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-38712)
- [Exploit reference](https://github.com/helloxz/onenav/issues/25)
Related CVEs
Same vendor
- CVE-2021-38138 — OneNav beta 0.9.12 allows XSS via the Add Link feature (5.4 MEDIUM)
Same CWE
- CVE-2026-53826 — OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace ... (4.3 MEDIUM)
- CVE-2026-47141 — vm2 is an open source vm/sandbox for Node.js
- CVE-2026-48096 — OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
- CVE-2026-42535 — A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV proper... (9.1 CRITICAL)
- CVE-2025-15653 — Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unau... (6.8 MEDIUM)