Количество 10
Количество 10
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
CVE-2021-3524
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...
GHSA-3rmw-wm6w-rmcr
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created.
BDU:2021-03709
Уязвимость системы хранения данных Ceph, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных
openSUSE-SU-2021:1834-1
Security update for ceph
openSUSE-SU-2021:0833-1
Security update for ceph
SUSE-SU-2021:1835-1
Security update for ceph
SUSE-SU-2021:1834-1
Security update for ceph
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | CVSS3: 6.5 | 1% Низкий | больше 4 лет назад |
 | CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | CVSS3: 6.5 | 1% Низкий | почти 5 лет назад |
 | CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | CVSS3: 6.5 | 1% Низкий | больше 4 лет назад |
| CVE-2021-3524 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ... | CVSS3: 6.5 | 1% Низкий | больше 4 лет назад |
| GHSA-3rmw-wm6w-rmcr A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | CVSS3: 6.5 | 1% Низкий | больше 3 лет назад |
 | BDU:2021-03709 Уязвимость системы хранения данных Ceph, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 6.5 | 1% Низкий | больше 4 лет назад |
 | openSUSE-SU-2021:1834-1 Security update for ceph | больше 4 лет назад | ||
| openSUSE-SU-2021:0833-1 Security update for ceph | больше 4 лет назад | ||
| SUSE-SU-2021:1835-1 Security update for ceph | больше 4 лет назад | ||
| SUSE-SU-2021:1834-1 Security update for ceph | больше 4 лет назад |
Уязвимостей на страницу