exploitDog

CVE-2021-43410

Опубликовано: 09 дек. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170

Ссылки

https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnzcrl31
Mailing List
Vendor Advisory
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnzcrl31
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:airavata_django_portal:*:*:*:*:*:*:*:*

Версия до 2021-12-06 (исключая)

EPSS

Процентиль: 88%

0.03878

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-117

CWE-116

Связанные уязвимости

GHSA-675q-g72p-gc3c

github

около 4 лет назад

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170

EPSS

Процентиль: 88%

0.03878

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-117

CWE-116