The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.
Base Score: 7.5
Impact Score: 6.4
Exploitability Score: 10
Base Score: 6.5
Impact Score: 2.5
Exploitability Score: 3.9
cpe:2.3:a:elog_project:elog:*:*:*:*:*:*:*:* versions up to 3.1.4-57bea22 (inclusive)