CVE-2021-28681: Incorrect Authorization
Pion WebRTC before 3.0.15 didn’t properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. (A WebRTC implementation shouldn’t allow the user to continue if verification has failed.)
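To check whether a Go project is within the affected range, the sketch below reads the text of a go.mod file and flags a Pion WebRTC requirement older than 3.0.15. It is an added example, not code from the advisory or from the Pion project. The module path github.com/pion/webrtc/v3 and the sample go.mod are assumptions, and only that v3 module path is checked.

```go
package main

import (
	"fmt"
	"strings"
)

const pionModule = "github.com/pion/webrtc/v3" // assumed module path; not stated on the advisory page
const sampleGoMod = "module example.com/app\n\nrequire (\n\tgithub.com/pion/webrtc/v3 v3.0.14 // indirect\n)\n" // constructed sample

// pinnedPion returns the version go.mod requires for pionModule, or "" if absent.
func pinnedPion(gomod string) string {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // drop comments such as "// indirect"
		switch {
		case len(f) == 2 && f[0] == "require" && f[1] == "(":
			inBlock = true
		case len(f) == 1 && f[0] == ")":
			inBlock = false
		case len(f) == 3 && f[0] == "require" && f[1] == pionModule:
			return f[2]
		case inBlock && len(f) == 2 && f[0] == pionModule:
			return f[1]
		}
	}
	return ""
}

// affected flags versions below 3.0.15; unparseable ones and 3.0.15 pre-releases are flagged too.
func affected(gomod string) (version string, vulnerable bool) {
	if version = pinnedPion(gomod); version == "" {
		return "", false
	}
	v := strings.SplitN(strings.TrimPrefix(version, "v"), "+", 2)[0] // drop build metadata
	parts := strings.SplitN(v, "-", 2)                                // core, optional pre-release
	var a, b, c int
	if n, _ := fmt.Sscanf(parts[0], "%d.%d.%d", &a, &b, &c); n != 3 {
		return version, true
	}
	below := a < 3 || (a == 3 && b == 0 && c < 15)
	exact := a == 3 && b == 0 && c == 15
	return version, below || (exact && len(parts) == 2)
}

func main() {
	v, bad := affected(sampleGoMod)
	fmt.Printf("%s %s affected=%v\n", pionModule, v, bad)
}
```

Only require directives are read, so replace and exclude entries for the same module are ignored. A pseudo-version based on 3.0.15 is flagged because it sorts before the fixed release.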