Опубликовано: 14 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.1
Описание
Buildbot CRLF Injection
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-7313
- https://github.com/buildbot/buildbot/pull/4584
- https://github.com/buildbot/buildbot/commit/e781f110933e05ecdb30abc64327a2c7c9ff9c5a
- https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
- https://github.com/pypa/advisory-database/tree/main/vulns/buildbot/PYSEC-2019-7.yaml
Пакеты
Наименование
buildbot
pip
Затронутые версииВерсия исправления
>= 0.9.0, < 1.8.1
1.8.1
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 7 лет назад
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
CVSS3: 6.1
nvd
около 7 лет назад
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
CVSS3: 6.1
debian
около 7 лет назад
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the ...