The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
References
Configurations
History
07 Nov 2023, 03:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-06-08 17:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-5304
Mitre link : CVE-2020-5304
CVE.ORG link : CVE-2020-5304
JSON object : View
Products Affected
whitesourcesoftware
- whitesource
CWE
CWE-116
Improper Encoding or Escaping of Output