{"id":"CVE-2021-30141","details":"Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states \"the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.","modified":"2026-04-10T04:32:05.243920Z","published":"2021-04-05T23:15:12.190Z","references":[{"type":"FIX","url":"https://github.com/friendica/friendica/pull/10113/commits/acbcc56754121ba080eac5b6fdf69e64ed7fe453"},{"type":"EVIDENCE","url":"https://github.com/friendica/friendica/issues/10110"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/friendica/friendica","events":[{"introduced":"0"},{"last_affected":"4dcdcd4d6fd4d4b3639a5e0f6a07cc7c47ba255f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2021.01"}]}}],"versions":["2.2","2.21","2.3","2.32","2.33","2.34","2.35","2.37","2.38","2.39","2.3beta1","2.3beta2","2019.01","2019.03","2019.09","2020.03","2020.07","2020.09-1","2021.01","3.0","3.01","3.1","3.2","3.3","3.3-RC","3.5.3","3.5.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-30141.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}