CVE-2021-2322: 
NixOS vulnerability analysis and mitigation

CVE-2021-2322 is a vulnerability discovered in OpenGrok's Web App component affecting versions 1.6.7 and prior. The vulnerability was disclosed on June 23, 2021, and is characterized as an easily exploitable security flaw that allows low-privileged attackers with network access via HTTPS to potentially compromise OpenGrok (NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates network accessibility, low attack complexity, requirement of low privileges, no user interaction, and high impacts on confidentiality, integrity, and availability. The vulnerability is classified as CWE-91, which relates to XML Injection (aka Blind XPath Injection) (NVD).

Successful exploitation of this vulnerability can result in complete takeover of OpenGrok, potentially compromising the confidentiality, integrity, and availability of the affected system (NVD).

A fix for this vulnerability has been implemented and can be found in the OpenGrok GitHub repository (Oracle CVE). Users should upgrade to versions newer than 1.6.7 to mitigate this vulnerability.