Description
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Remediation
References
Related Vulnerabilities
Jenkins Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2021-21615)
WordPress Plugin Copy or Move Comments Multiple Vulnerabilities (1.0.0)
WordPress Plugin VDZ Google Analytics or Google Tag Manager/GTM Cross-Site Scripting (1.5.5)
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-32566)