{"id":"CVE-2021-32054","details":"Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which may cause crafted files to be delivered to clients such that they are rendered directly in a victim's web browser.","modified":"2026-03-10T23:34:57.454526Z","published":"2021-05-14T21:15:07.490Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://github.com/FirelyTeam/spark/releases/tag/v1.5.5-r4"},{"type":"FIX","url":"https://github.com/FirelyTeam/spark/compare/v1.5.4-r4...v1.5.5-r4"},{"type":"FIX","url":"https://github.com/FirelyTeam/spark/commit/9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9941"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/FirelyTeam/spark","events":[{"introduced":"0"},{"last_affected":"2c18a56cb65a12c0586890bbde1894cdf06cdecb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.5.4"}]}},{"repo":"https://github.com/firelyteam/spark","events":[{"introduced":"0"},{"fixed":"9c79320059f92d8aa4fbd6cc4fa8f9d5d6ba9941"},{"fixed":"ed1958f9cb9ec363147f5c41493df06ffd4cde3a"}]}],"versions":["1.3.0-andytest11","WGM2014","v1.2.0-dstu2","v1.2.0-r4","v1.2.0-stu3","v1.2.1-dstu2","v1.2.1-r4","v1.2.1-stu3","v1.3-dstu2","v1.3-r4","v1.3-stu3","v1.4-beta01-dstu2","v1.4-beta01-r4","v1.4-beta01-stu3","v1.4-dstu2","v1.4-r4","v1.4-stu3","v1.4.1-dstu2","v1.4.1-r4","v1.4.1-stu3","v1.5-dstu2","v1.5-r4","v1.5-stu3","v3.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32054.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}