{"id":"CVE-2021-3152","details":"Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-traversal attacks against custom integrations. NOTE: the vendor's perspective is that the vulnerability itself is in custom integrations written by third parties, not in Home Assistant; however, Home Assistant does have a security update that is worthwhile in addressing this situation","modified":"2026-04-10T04:32:30.534614Z","published":"2021-01-26T18:16:27.770Z","references":[{"type":"ADVISORY","url":"https://www.home-assistant.io/blog/2021/01/14/security-bulletin/"},{"type":"ADVISORY","url":"https://www.home-assistant.io/blog/2021/01/22/security-disclosure/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/home-assistant/home-assistant","events":[{"introduced":"0"},{"fixed":"b4268edd6acd47c160119bd56809e292d73eebf3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2021.1.3"}]}}],"versions":["0.103.0","0.103.0b0","0.103.0b1","0.103.1","0.103.2","0.103.3","0.103.4","0.103.5","0.103.6","0.104.0","0.104.1","0.104.2","0.104.3","0.105.0","0.105.1","0.105.2","0.105.3","0.105.4","0.105.5","0.106.0","0.106.1","0.106.2","0.106.3","0.106.4","0.106.5","0.106.6","0.107.0","0.107.1","0.107.2","0.107.3","0.107.4","0.107.5","0.107.6","0.107.7","0.108.0","0.108.1","0.108.2","0.108.3","0.108.4","0.108.5","0.108.6","0.108.7","0.108.8","0.108.9","0.109.0","0.109.1","0.109.2","0.109.3","0.109.4","0.109.5","0.109.6","0.110.0","0.110.1","0.110.2","0.110.3","0.110.4","0.110.5","0.110.6","0.110.7","0.111.0","0.111.1","0.111.2","0.111.3","0.111.4","0.112.0","0.112.1","0.112.2","0.112.3","0.112.4","0.112.5","0.113.0","0.113.1","0.113.2","0.113.3","0.114.0","0.114.1","0.114.2","0.114.3","0.114.4","0.115.0","0.115.1","0.115.2","0.115.3","0.115.4","0.115.5","0.115.6","0.116.0","0.116.1","0.116.2","0.116.3","0.116.4","0.117.0","0.117.1","0.117.2","0.117.3","0.117.4","0.117.5","0.117.6","0.118.0","0.118.1","0.118.2","0.118.3","0.118.4","0.118.5","0.28","0.7.6","0.81.1","2020.12.0","2020.12.1","2020.12.2","2021.1.0","2021.1.1","2021.1.2","Last-Python2-release"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3152.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}