Home > Vulnerability Database > CVE-2021-21323

Mend.io Vulnerability Database

CVE-2021-21323

Date: February 23, 2021

Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108

Language: C++

Severity Score

4.3

Related Resources (7)

Url: https://github.com/brave/brave-core/pull/7769

Url: https://github.com/brave/brave-browser/security/advisories/GHSA-mqjf-9x5g-2rv6

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-21323

Url: https://github.com/brave/brave-core/commit/12fe321eaad8acc1cbd1d70b4128f687777bcf15

Url: https://hackerone.com/reports/1077022

Url: https://github.com/brave/brave-browser/issues/13527

Url: https://www.mend.io/vulnerability-database/CVE-2021-21323

Severity Score

4.3

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-21323

Date: February 23, 2021

Language: C++

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?