Back to search
CVE-2021-43410
Published: Dec 9, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Airavata Django Portal | affected master branch - < commit 3c5d8c7 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/q64h16ofdxk29soz3jj561nysnzcrl31
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now