{"id":"CVE-2021-20718","details":"mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.","modified":"2026-04-02T06:46:31.245779Z","published":"2021-05-20T02:15:07.117Z","related":["MGASA-2021-0280","SUSE-SU-2021:1900-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HJK366TLFEOIYWTHQSZO24MSDPBXHJU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FV4KYMQWPS3I2QPW2C253MLIAFGBZPLK/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"ADVISORY","url":"https://www.zmartzone.eu/"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN49704918/index.html"},{"type":"PACKAGE","url":"https://github.com/zmartzone/mod_auth_openidc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openidc/mod_auth_openidc","events":[{"introduced":"7783ea7e9dd69a99ddb0221af1935624d1841f51"},{"last_affected":"f27ec497a7fab7a7c3d69fa9462c8369d6f2a98a"}],"database_specific":{"versions":[{"introduced":"2.4.0"},{"last_affected":"2.4.7"}]}}],"versions":["v2.4.0","v2.4.0.1","v2.4.0.2","v2.4.0.3","v2.4.0.4","v2.4.1","v2.4.2","v2.4.2.1","v2.4.3","v2.4.4","v2.4.4.1","v2.4.5","v2.4.6","v2.4.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20718.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"fixed":"21.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}