CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
History
21 Nov 2024, 01:28
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/45501 - Vendor Advisory | |
References | () http://www.bugzilla.org/security/3.4.11/ - Vendor Advisory | |
References | () http://www.debian.org/security/2011/dsa-2322 - | |
References | () http://www.osvdb.org/74300 - | |
References | () http://www.securityfocus.com/bid/49042 - | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=657158 - Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/69035 - |
Information
Published : 2011-08-09 19:55
Updated : 2024-11-21 01:28
NVD link : CVE-2011-2381
Mitre link : CVE-2011-2381
CVE.ORG link : CVE-2011-2381
JSON object : View
Products Affected
mozilla
- bugzilla
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')