CVE-2021-28117 | Vulnerability Database | Aqua Security

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)

Affected Software

Name	Vendor	Start Version	End Version
Discover	Kde	*	5.21.3 (excluding)
Plasma-discover	Ubuntu	bionic	*
Plasma-discover	Ubuntu	devel	*
Plasma-discover	Ubuntu	esm-apps/jammy	*
Plasma-discover	Ubuntu	esm-apps/noble	*
Plasma-discover	Ubuntu	focal	*
Plasma-discover	Ubuntu	groovy	*
Plasma-discover	Ubuntu	hirsute	*
Plasma-discover	Ubuntu	impish	*
Plasma-discover	Ubuntu	jammy	*
Plasma-discover	Ubuntu	kinetic	*
Plasma-discover	Ubuntu	lunar	*
Plasma-discover	Ubuntu	mantic	*
Plasma-discover	Ubuntu	noble	*
Plasma-discover	Ubuntu	oracular	*
Plasma-discover	Ubuntu	plucky	*
Plasma-discover	Ubuntu	questing	*
Plasma-discover	Ubuntu	trusty	*
Plasma-discover	Ubuntu	xenial	*

References

https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356
https://github.com/KDE/discover/releases
https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60
https://kde.org/info/security/advisory-20210310-1.txt
https://userbase.kde.org/Discover
https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356
https://github.com/KDE/discover/releases
https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60
https://kde.org/info/security/advisory-20210310-1.txt
https://userbase.kde.org/Discover

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-28117
CWE	https://cwe.mitre.org/data/definitions/.html