{"id":"CVE-2021-36377","details":"Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.","modified":"2026-04-16T04:42:16.760911755Z","published":"2021-07-12T13:15:08.177Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBTRZ5HCOUTIIKJF3T37NORI4P7EVYCY/"},{"type":"ADVISORY","url":"https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.14.2"}]},{"events":[{"introduced":"2.15.0"},{"fixed":"2.15.2"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36377.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}