{"id":"CVE-2021-28117","details":"libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)","modified":"2026-05-18T21:05:33.527442Z","published":"2021-03-20T21:15:11.827Z","references":[{"type":"ADVISORY","url":"https://github.com/KDE/discover/releases"},{"type":"ADVISORY","url":"https://userbase.kde.org/Discover"},{"type":"FIX","url":"https://github.com/KDE/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356"},{"type":"FIX","url":"https://invent.kde.org/plasma/discover/commit/94478827aab63d2e2321f0ca9ec5553718798e60"},{"type":"FIX","url":"https://kde.org/info/security/advisory-20210310-1.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kde/discover","events":[{"introduced":"0"},{"fixed":"d96cf4bd89ca0572d0941cf63d93169e805e2780"},{"fixed":"fcd3b30552bf03a384b1a16f9bb8db029c111356"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"5.21.3"}],"cpe":"cpe:2.3:a:kde:discover:*:*:*:*:*:*:*:*"}}],"versions":["v5.21.2","v5.21.1","v5.21.0","v5.20.90","v5.18.6","v5.19.90","v5.18.90","v5.18.5","v5.18.4.1","v5.18.4","v5.18.3","v5.17.90","v5.16.90","v5.15.90","v5.14.90","v5.13.90","v5.12.90","v5.11.95","v5.10.95","v5.9.95","v5.8.95","v5.7.95","v5.6.95","v5.5.95","v5.4.95"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28117.json","vanir_signatures_modified":"2026-05-18T21:05:33Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"libdiscover/backends/KNSBackend/KNSResource.cpp"},"id":"CVE-2021-28117-0bd05b69","digest":{"threshold":0.9,"line_hashes":["299753549578302202398139767977502403581","6233040012297922460003511610742293943","283159835798834203877797608197497803258","258756495566470153356750044255168866583"]},"source":"https://github.com/kde/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356"},{"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"KNSResource::longDescription","file":"libdiscover/backends/KNSBackend/KNSResource.cpp"},"id":"CVE-2021-28117-e429c6f1","digest":{"function_hash":"227363872241428024300749278080191516221","length":686},"source":"https://github.com/kde/discover/commit/fcd3b30552bf03a384b1a16f9bb8db029c111356"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}