Moderate severityOSV Advisory· Published Feb 3, 2019· Updated Sep 16, 2024
CVE-2019-7313
CVE-2019-7313
Description
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
buildbotPyPI | >= 0.9.0, < 1.8.1 | 1.8.1 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-66x7-2r56-fj77ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-7313ghsaADVISORY
- github.com/buildbot/buildbot/commit/e781f110933e05ecdb30abc64327a2c7c9ff9c5aghsaWEB
- github.com/buildbot/buildbot/pull/4584ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/buildbot/PYSEC-2019-7.yamlghsaWEB
News mentions
0No linked articles in our index yet.