diff --git a/backport-CVE-2021-21300.patch b/backport-CVE-2021-21300.patch
deleted file mode 100644
index ed4f2a79b905bc300415ea71313d35ec3592e087..0000000000000000000000000000000000000000
--- a/backport-CVE-2021-21300.patch
+++ /dev/null
@@ -1,382 +0,0 @@ -From 684dd4c2b414bcf648505e74498a608f28de4592 Mon Sep 17 00:00:00 2001 -From: Matheus Tavares -Date: Thu, 10 Dec 2020 10:27:55 -0300 -Subject: [PATCH] checkout: fix bug that makes checkout follow symlinks in - leading path - -Before checking out a file, we have to confirm that all of its leading -components are real existing directories. And to reduce the number of -lstat() calls in this process, we cache the last leading path known to -contain only directories. However, when a path collision occurs (e.g. -when checking out case-sensitive files in case-insensitive file -systems), a cached path might have its file type changed on disk, -leaving the cache on an invalid state. Normally, this doesn't bring -any bad consequences as we usually check out files in index order, and -therefore, by the time the cached path becomes outdated, we no longer -need it anyway (because all files in that directory would have already -been written). - -But, there are some users of the checkout machinery that do not always -follow the index order. In particular: checkout-index writes the paths -in the same order that they appear on the CLI (or stdin); and the -delayed checkout feature -- used when a long-running filter process -replies with "status=delayed" -- postpones the checkout of some entries, -thus modifying the checkout order. - -When we have to check out an out-of-order entry and the lstat() cache is -invalid (due to a previous path collision), checkout_entry() may end up -using the invalid data and thrusting that the leading components are -real directories when, in reality, they are not. In the best case -scenario, where the directory was replaced by a regular file, the user -will get an error: "fatal: unable to create file 'foo/bar': Not a -directory". But if the directory was replaced by a symlink, checkout -could actually end up following the symlink and writing the file at a -wrong place, even outside the repository. 
Since delayed checkout is -affected by this bug, it could be used by an attacker to write -arbitrary files during the clone of a maliciously crafted repository. - -Some candidate solutions considered were to disable the lstat() cache -during unordered checkouts or sort the entries before passing them to -the checkout machinery. But both ideas include some performance penalty -and they don't future-proof the code against new unordered use cases. - -Instead, we now manually reset the lstat cache whenever we successfully -remove a directory. Note: We are not even checking whether the directory -was the same as the lstat cache points to because we might face a -scenario where the paths refer to the same location but differ due to -case folding, precomposed UTF-8 issues, or the presence of `..` -components in the path. Two regression tests, with case-collisions and -utf8-collisions, are also added for both checkout-index and delayed -checkout. - -Note: to make the previously mentioned clone attack unfeasible, it would -be sufficient to reset the lstat cache only after the remove_subtree() -call inside checkout_entry(). This is the place where we would remove a -directory whose path collides with the path of another entry that we are -currently trying to check out (possibly a symlink). However, in the -interest of a thorough fix that does not leave Git open to -similar-but-not-identical attack vectors, we decided to intercept -all `rmdir()` calls in one fell swoop. - -This addresses CVE-2021-21300. 
- -Co-authored-by: Johannes Schindelin -Signed-off-by: Matheus Tavares ---- - cache.h | 1 + - compat/mingw.c | 2 + - git-compat-util.h | 5 +++ - run-command.c | 9 ++++- - symlinks.c | 24 +++++++++++ - t/t0021-conversion.sh | 71 +++++++++++++++++++++++++++++++++ - t/t0021/rot13-filter.pl | 21 ++++++++-- - t/t2006-checkout-index-basic.sh | 40 +++++++++++++++++++ - unpack-trees.c | 3 ++ - 9 files changed, 172 insertions(+), 4 deletions(-) - -diff --git a/cache.h b/cache.h -index 7109765..0a0b32f 100644 ---- a/cache.h -+++ b/cache.h -@@ -1657,6 +1657,7 @@ int has_symlink_leading_path(const char *name, int len); - int threaded_has_symlink_leading_path(struct cache_def *, const char *, int); - int check_leading_path(const char *name, int len); - int has_dirs_only_path(const char *name, int len, int prefix_len); -+void invalidate_lstat_cache(void); - void schedule_dir_for_removal(const char *name, int len); - void remove_scheduled_dirs(void); - -diff --git a/compat/mingw.c b/compat/mingw.c -index a00f331..a435998 100644 ---- a/compat/mingw.c -+++ b/compat/mingw.c -@@ -367,6 +367,8 @@ int mingw_rmdir(const char *pathname) - ask_yes_no_if_possible("Deletion of directory '%s' failed. 
" - "Should I try again?", pathname)) - ret = _wrmdir(wpathname); -+ if (!ret) -+ invalidate_lstat_cache(); - return ret; - } - -diff --git a/git-compat-util.h b/git-compat-util.h -index 104993b..7d3db43 100644 ---- a/git-compat-util.h -+++ b/git-compat-util.h -@@ -349,6 +349,11 @@ static inline int noop_core_config(const char *var, const char *value, void *cb) - #define platform_core_config noop_core_config - #endif - -+int lstat_cache_aware_rmdir(const char *path); -+#if !defined(__MINGW32__) && !defined(_MSC_VER) -+#define rmdir lstat_cache_aware_rmdir -+#endif -+ - #ifndef has_dos_drive_prefix - static inline int git_has_dos_drive_prefix(const char *path) - { -diff --git a/run-command.c b/run-command.c -index ea4d0fb..25fbab2 100644 ---- a/run-command.c -+++ b/run-command.c -@@ -990,6 +990,7 @@ int finish_command(struct child_process *cmd) - int ret = wait_or_whine(cmd->pid, cmd->argv[0], 0); - trace2_child_exit(cmd, ret); - child_process_clear(cmd); -+ invalidate_lstat_cache(); - return ret; - } - -@@ -1291,13 +1292,19 @@ int start_async(struct async *async) - int finish_async(struct async *async) - { - #ifdef NO_PTHREADS -- return wait_or_whine(async->pid, "child process", 0); -+ int ret = wait_or_whine(async->pid, "child process", 0); -+ -+ invalidate_lstat_cache(); -+ -+ return ret; - #else - void *ret = (void *)(intptr_t)(-1); - - if (pthread_join(async->tid, &ret)) - error("pthread_join failed"); -+ invalidate_lstat_cache(); - return (int)(intptr_t)ret; -+ - #endif - } - -diff --git a/symlinks.c b/symlinks.c -index 69d458a..7dbb6b2 100644 ---- a/symlinks.c -+++ b/symlinks.c -@@ -267,6 +267,13 @@ int has_dirs_only_path(const char *name, int len, int prefix_len) - */ - static int threaded_has_dirs_only_path(struct cache_def *cache, const char *name, int len, int prefix_len) - { -+ /* -+ * Note: this function is used by the checkout machinery, which also -+ * takes care to properly reset the cache when it performs an operation -+ * that would leave the cache 
outdated. If this function starts caching -+ * anything else besides FL_DIR, remember to also invalidate the cache -+ * when creating or deleting paths that might be in the cache. -+ */ - return lstat_cache(cache, name, len, - FL_DIR|FL_FULLPATH, prefix_len) & - FL_DIR; -@@ -321,3 +328,20 @@ void remove_scheduled_dirs(void) - { - do_remove_scheduled_dirs(0); - } -+ -+void invalidate_lstat_cache(void) -+{ -+ reset_lstat_cache(&default_cache); -+} -+ -+#undef rmdir -+int lstat_cache_aware_rmdir(const char *path) -+{ -+ /* Any change in this function must be made also in `mingw_rmdir()` */ -+ int ret = rmdir(path); -+ -+ if (!ret) -+ invalidate_lstat_cache(); -+ -+ return ret; -+} -diff --git a/t/t0021-conversion.sh b/t/t0021-conversion.sh -index f6deaf4..cd15ddf 100755 ---- a/t/t0021-conversion.sh -+++ b/t/t0021-conversion.sh -@@ -953,4 +953,75 @@ test_expect_success PERL 'invalid file in delayed checkout' ' - grep "error: external filter .* signaled that .unfiltered. is now available although it has not been delayed earlier" git-stderr.log - ' - -+for mode in 'case' 'utf-8' -+do -+ case "$mode" in -+ case) dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;; -+ utf-8) -+ dir=$(printf "\141\314\210") symlink=$(printf "\303\244") -+ mode_prereq='UTF8_NFD_TO_NFC' ;; -+ esac -+ -+ test_expect_success PERL,SYMLINKS,$mode_prereq \ -+ "delayed checkout with $mode-collision don't write to the wrong place" ' -+ test_config_global filter.delay.process \ -+ "\"$TEST_ROOT/rot13-filter.pl\" --always-delay delayed.log clean smudge delay" && -+ test_config_global filter.delay.required true && -+ git init $mode-collision && -+ ( -+ cd $mode-collision && -+ mkdir target-dir && -+ empty_oid=$(printf "" | git hash-object -w --stdin) && -+ symlink_oid=$(printf "%s" "$PWD/target-dir" | git hash-object -w --stdin) && -+ attr_oid=$(echo "$dir/z filter=delay" | git hash-object -w --stdin) && -+ cat >objs <<-EOF && -+ 100644 blob $empty_oid $dir/x -+ 100644 blob $empty_oid $dir/y -+ 
100644 blob $empty_oid $dir/z -+ 120000 blob $symlink_oid $symlink -+ 100644 blob $attr_oid .gitattributes -+ EOF -+ git update-index --index-info objs <<-EOF && -+ 100644 blob $empty_oid A/B/x -+ 100644 blob $empty_oid A/B/y -+ 100644 blob $attr_oid .gitattributes -+ EOF -+ git update-index --index-info objs && -+ git -C a update-index --index-info - # -+# Log path defines a debug log file that the script writes to. The -+# subsequent arguments define a list of supported protocol capabilities -+# ("clean", "smudge", etc). -+# -+# When --always-delay is given all pathnames with the "can-delay" flag -+# that don't appear on the list bellow are delayed with a count of 1 -+# (see more below). -+# - # This implementation supports special test cases: - # (1) If data with the pathname "clean-write-fail.r" is processed with - # a "clean" operation then the write operation will die. -@@ -53,6 +59,13 @@ sub gitperllib { - use Git::Packet; - - my $MAX_PACKET_CONTENT_SIZE = 65516; -+ -+my $always_delay = 0; -+if ( $ARGV[0] eq '--always-delay' ) { -+ $always_delay = 1; -+ shift @ARGV; -+} -+ - my $log_file = shift @ARGV; - my @capabilities = @ARGV; - -@@ -134,6 +147,8 @@ sub rot13 { - if ( $buffer eq "can-delay=1" ) { - if ( exists $DELAY{$pathname} and $DELAY{$pathname}{"requested"} == 0 ) { - $DELAY{$pathname}{"requested"} = 1; -+ } elsif ( !exists $DELAY{$pathname} and $always_delay ) { -+ $DELAY{$pathname} = { "requested" => 1, "count" => 1 }; - } - } elsif ($buffer =~ /^(ref|treeish|blob)=/) { - print $debug " $buffer"; -diff --git a/t/t2006-checkout-index-basic.sh b/t/t2006-checkout-index-basic.sh -index 8e181db..602d8fe 100755 ---- a/t/t2006-checkout-index-basic.sh -+++ b/t/t2006-checkout-index-basic.sh -@@ -32,4 +32,44 @@ test_expect_success 'checkout-index reports errors (stdin)' ' - test_i18ngrep not.in.the.cache stderr - ' - -+for mode in 'case' 'utf-8' -+do -+ case "$mode" in -+ case) dir='A' symlink='a' mode_prereq='CASE_INSENSITIVE_FS' ;; -+ utf-8) -+ 
dir=$(printf "\141\314\210") symlink=$(printf "\303\244") -+ mode_prereq='UTF8_NFD_TO_NFC' ;; -+ esac -+ -+ test_expect_success SYMLINKS,$mode_prereq \ -+ "checkout-index with $mode-collision don't write to the wrong place" ' -+ git init $mode-collision && -+ ( -+ cd $mode-collision && -+ mkdir target-dir && -+ empty_obj_hex=$(git hash-object -w --stdin objs <<-EOF && -+ 100644 blob ${empty_obj_hex} ${dir}/x -+ 100644 blob ${empty_obj_hex} ${dir}/y -+ 100644 blob ${empty_obj_hex} ${dir}/z -+ 120000 blob ${symlink_hex} ${symlink} -+ EOF -+ git update-index --index-info -Date: Thu, 29 Apr 2021 21:11:44 +0100 -Subject: [PATCH] cygwin: disallow backslashes in file names - -The backslash character is not a valid part of a file name on Windows. -If, in Windows, Git attempts to write a file that has a backslash -character in the filename, it will be incorrectly interpreted as a -directory separator. - -This caused CVE-2019-1354 in MinGW, as this behaviour can be manipulated -to cause the checkout to write to files it ought not write to, such as -adding code to the .git/hooks directory. This was fixed by e1d911dd4c -(mingw: disallow backslash characters in tree objects' file names, -2019-09-12). However, the vulnerability also exists in Cygwin: while -Cygwin mostly provides a POSIX-like path system, it will still interpret -a backslash as a directory separator. - -To avoid this vulnerability, CVE-2021-29468, extend the previous fix to -also apply to Cygwin. - -Similarly, extend the test case added by the previous version of the -commit. The test suite doesn't have an easy way to say "run this test -if in MinGW or Cygwin", so add a new test prerequisite that covers both. - -As well as checking behaviour in the presence of paths containing -backslashes, the existing test also checks behaviour in the presence of -paths that differ only by the presence of a trailing ".". 
MinGW follows -normal Windows application behaviour and treats them as the same path, -but Cygwin more closely emulates *nix systems (at the expense of -compatibility with native Windows applications) and will create and -distinguish between such paths. Gate the relevant bit of that test -accordingly. - -Reported-by: RyotaK -Helped-by: Johannes Schindelin -Signed-off-by: Adam Dinwoodie -Signed-off-by: Junio C Hamano ---- - read-cache.c | 2 +- - t/t7415-submodule-names.sh | 13 ++++++++----- - t/test-lib.sh | 2 ++ - 3 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/read-cache.c b/read-cache.c -index 5a907af..b6c13bc 100644 ---- a/read-cache.c -+++ b/read-cache.c -@@ -985,7 +985,7 @@ int verify_path(const char *path, unsigned mode) - } - } - if (protect_ntfs) { --#ifdef GIT_WINDOWS_NATIVE -+#if defined GIT_WINDOWS_NATIVE || defined __CYGWIN__ - if (c == '\\') - return 0; - #endif -diff --git a/t/t7415-submodule-names.sh b/t/t7415-submodule-names.sh -index f70368b..6bf098a 100755 ---- a/t/t7415-submodule-names.sh -+++ b/t/t7415-submodule-names.sh -@@ -191,7 +191,7 @@ test_expect_success 'fsck detects corrupt .gitmodules' ' - ) - ' - --test_expect_success MINGW 'prevent git~1 squatting on Windows' ' -+test_expect_success WINDOWS 'prevent git~1 squatting on Windows' ' - git init squatting && - ( - cd squatting && -@@ -219,10 +219,13 @@ test_expect_success MINGW 'prevent git~1 squatting on Windows' ' - test_tick && - git -c core.protectNTFS=false commit -m "module" - ) && -- test_must_fail git -c core.protectNTFS=false \ -- clone --recurse-submodules squatting squatting-clone 2>err && -- test_i18ngrep -e "directory not empty" -e "not an empty directory" err && -- ! grep gitdir squatting-clone/d/a/git~2 -+ if test_have_prereq MINGW -+ then -+ test_must_fail git -c core.protectNTFS=false \ -+ clone --recurse-submodules squatting squatting-clone 2>err && -+ test_i18ngrep -e "directory not empty" -e "not an empty directory" err && -+ ! 
grep gitdir squatting-clone/d/a/git~2 -+ fi - ' - - test_expect_success 'git dirs of sibling submodules must not be nested' ' -diff --git a/t/test-lib.sh b/t/test-lib.sh -index d3f6af6..e84b8c8 100644 ---- a/t/test-lib.sh -+++ b/t/test-lib.sh -@@ -1457,6 +1457,7 @@ case $uname_s in - test_set_prereq NATIVE_CRLF - test_set_prereq SED_STRIPS_CR - test_set_prereq GREP_STRIPS_CR -+ test_set_prereq WINDOWS - GIT_TEST_CMP=mingw_test_cmp - ;; - *CYGWIN*) -@@ -1465,6 +1466,7 @@ case $uname_s in - test_set_prereq CYGWIN - test_set_prereq SED_STRIPS_CR - test_set_prereq GREP_STRIPS_CR -+ test_set_prereq WINDOWS - ;; - *) - test_set_prereq POSIXPERM --- -1.8.3.1 - diff --git a/backport-CVE-2021-40330.patch b/backport-CVE-2021-40330.patch deleted file mode 100644 index 690c3623a3c6a14e76bd79b2416e77aa87fc76ad..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-40330.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -From a02ea577174ab8ed18f847cf1693f213e0b9c473 Mon Sep 17 00:00:00 2001 -From: Jeff King -Date: Thu, 7 Jan 2021 04:43:58 -0500 -Subject: [PATCH] git_connect_git(): forbid newlines in host and path - -When we connect to a git:// server, we send an initial request that -looks something like: - - 002dgit-upload-pack repo.git\0host=example.com - -If the repo path contains a newline, then it's included literally, and -we get: - - 002egit-upload-pack repo - .git\0host=example.com - -This works fine if you really do have a newline in your repository name; -the server side uses the pktline framing to parse the string, not -newlines. However, there are many _other_ protocols in the wild that do -parse on newlines, such as HTTP. So a carefully constructed git:// URL -can actually turn into a valid HTTP request. For example: - - git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 %0d%0aHost:localhost%0d%0a%0d%0a - -becomes: - - 0050git-upload-pack / - GET / HTTP/1.1 - Host:localhost - - host=localhost:1234 - -on the wire. Again, this isn't a problem for a real Git server, but it -does mean that feeding a malicious URL to Git (e.g., through a -submodule) can cause it to make unexpected cross-protocol requests. -Since repository names with newlines are presumably quite rare (and -indeed, we already disallow them in git-over-http), let's just disallow -them over this protocol. - -Hostnames could likewise inject a newline, but this is unlikely a -problem in practice; we'd try resolving the hostname with a newline in -it, which wouldn't work. Still, it doesn't hurt to err on the side of -caution there, since we would not expect them to work in the first -place. - -The ssh and local code paths are unaffected by this patch. In both cases -we're trying to run upload-pack via a shell, and will quote the newline -so that it makes it intact. 
An attacker can point an ssh url at an -arbitrary port, of course, but unless there's an actual ssh server -there, we'd never get as far as sending our shell command anyway. We -_could_ similarly restrict newlines in those protocols out of caution, -but there seems little benefit to doing so. - -The new test here is run alongside the git-daemon tests, which cover the -same protocol, but it shouldn't actually contact the daemon at all. In -theory we could make the test more robust by setting up an actual -repository with a newline in it (so that our clone would succeed if our -new check didn't kick in). But a repo directory with newline in it is -likely not portable across all filesystems. Likewise, we could check -git-daemon's log that it was not contacted at all, but we do not -currently record the log (and anyway, it would make the test racy with -the daemon's log write). We'll just check the client-side stderr to make -sure we hit the expected code path. - -Reported-by: Harold Kim -Signed-off-by: Jeff King -Signed-off-by: Junio C Hamano ---- - connect.c | 2 ++ - t/t5570-git-daemon.sh | 5 +++++ - 2 files changed, 7 insertions(+) - -diff --git a/connect.c b/connect.c -index 79f1b3b24257a1..7b4b65751d43d4 100644 ---- a/connect.c -+++ b/connect.c -@@ -1063,6 +1063,8 @@ static struct child_process *git_connect_git(int fd[2], char *hostandport, - target_host = xstrdup(hostandport); - - transport_check_allowed("git"); -+ if (strchr(target_host, '\n') || strchr(path, '\n')) -+ die(_("newline is forbidden in git:// hosts and repo paths")); - - /* - * These underlying connection commands die() if they -diff --git a/t/t5570-git-daemon.sh b/t/t5570-git-daemon.sh -index 7466aad111fe4e..336d417a90f871 100755 ---- a/t/t5570-git-daemon.sh -+++ b/t/t5570-git-daemon.sh -@@ -102,6 +102,11 @@ test_expect_success 'fetch notices corrupt idx' ' - ) - ' - -+test_expect_success 'client refuses to ask for repo with newline' ' -+ test_must_fail git clone "$GIT_DAEMON_URL/repo$LF.git" dst 
2>stderr && -+ test_i18ngrep newline.is.forbidden stderr -+' -+ - test_remote_error() - { - do_export=YesPlease --- -2.27.0 - diff --git a/git-2.30.0.tar.sign b/git-2.30.0.tar.sign deleted file mode 100644 index 5f9636f95c949ef5338ecb004ee81295d6342ba9..0000000000000000000000000000000000000000 Binary files a/git-2.30.0.tar.sign and /dev/null differ diff --git a/git-2.33.0.tar.sign b/git-2.33.0.tar.sign new file mode 100644 index 0000000000000000000000000000000000000000..f7d84d6aec63720942efab3862157516ab82ad6e Binary files /dev/null and b/git-2.33.0.tar.sign differ diff --git a/git-2.30.0.tar.xz b/git-2.33.0.tar.xz similarity index 45% rename from git-2.30.0.tar.xz rename to git-2.33.0.tar.xz index 803474c03a651fa7589a92d6dbe86895fcdfb5da..ca4f16557f7f0a61d72ca6999e836ac708618d60 100644 Binary files a/git-2.30.0.tar.xz and b/git-2.33.0.tar.xz differ diff --git a/git.spec b/git.spec index cd9fe0641e10738abcedd79fb54b4ab30c16eaa4..a7ff49b095d5b65597f95b45ac878b7238354195 100644 --- a/git.spec +++ b/git.spec @@ -1,7 +1,7 @@ %global gitexecdir %{_libexecdir}/git-core Name: git -Version: 2.30.0 -Release: 6 +Version: 2.33.0 +Release: 1 Summary: A popular and widely used Version Control System License: GPLv2+ or LGPLv2.1 URL: https://git-scm.com/ @@ -12,10 +12,6 @@ Source100: git-gui.desktop Source101: git@.service.in Source102: git.socket -Patch1: backport-CVE-2021-21300.patch -Patch2: backport-CVE-2021-29468-cygwin-disallow-backslashes-in-file-names.patch -Patch3: backport-CVE-2021-40330.patch - BuildRequires: gcc gettext BuildRequires: openssl-devel libcurl-devel expat-devel systemd asciidoc xmlto glib2-devel libsecret-devel pcre-devel desktop-file-utils BuildRequires: python3-devel perl-generators perl-interpreter perl-Error perl(Test::More) perl-MailTools perl(Test) 
@@ -138,10 +134,8 @@ NO_PERL_CPAN_FALLBACKS = 1 EOF # Default using python3 -sed -i '1s@#![ ]*/usr/bin/env python@#!%{__python3}@' \ - contrib/hooks/multimail/git_multimail.py \ - contrib/hooks/multimail/migrate-mailhook-config \ - contrib/hooks/multimail/post-receive.example +sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@' \ + contrib/hg-to-git/hg-to-git.py %make_build %make_build -C contrib/subtree/ @@ -165,11 +159,7 @@ ln -s git %{buildroot}%{_datadir}/bash-completion/completions/gitk # install contrib to git-core mkdir -p %{buildroot}%{_datadir}/git-core/contrib/completion -mv contrib/hooks/multimail/git_multimail{.py,} -mv contrib/hooks %{buildroot}%{_datadir}/git-core/contrib install -p -m 644 contrib/completion/git-completion.tcsh %{buildroot}%{_datadir}/git-core/contrib/completion/ -install -p -m 644 contrib/completion/git-prompt.sh %{buildroot}%{_datadir}/git-core/contrib/completion/ -install -D -p -m 0755 contrib/diff-highlight/diff-highlight %{buildroot}%{_datadir}/git-core/contrib/diff-highlight # install root path for gitweb mkdir -p %{buildroot}%{_localstatedir}/lib/git @@ -264,6 +254,9 @@ make %{?_smp_mflags} test %{_mandir}/man7/git*.7.* %changelog +* Thu Dec 2 2021 zoulin - 2.33.0-1 +- update version to 2.33.0 + * Fri Sep 10 2021 fuanan - 2.30.0-6 - Type:CVE - ID:CVE-2021-40330
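Review bot: The rewritten `sed -i -e '1s@#!\( */usr/bin/env python\|%{__python2}\)$@#!%{__python3}@'` line exits 0 whether or not the first line of `contrib/hg-to-git/hg-to-git.py` matches. A shebang in any other form (a `python2` suffix, or trailing whitespace before the `$` anchor) would therefore ship unchanged and keep resolving `python` through `PATH` at run time. A check directly after the `sed` would turn a missed rewrite into a build failure, for example `head -n1 contrib/hg-to-git/hg-to-git.py | grep -qF '#!%{__python3}'`. The expression also assumes `%{__python2}` is defined in the build root; if it is not, rpm presumably leaves the macro text in the pattern, which looks harmless here but is worth confirming. The enclosing scriptlet starts and ends outside this hunk.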