{"id":"CVE-2021-38370","details":"In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.","modified":"2026-03-15T21:59:43.272753Z","published":"2021-08-10T15:15:08.270Z","related":["openSUSE-SU-2024:12314-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202301-07"},{"type":"ADVISORY","url":"https://alpine.x10host.com"},{"type":"ADVISORY","url":"https://bugs.gentoo.org/807613#c4"},{"type":"EVIDENCE","url":"https://nostarttls.secvuln.info"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38370.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.25"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}