VYPR

radosgw

by Ceph

CVEs (2)

  • CVE-2020-10753Jun 26, 2020
    risk 0.00cvss epss 0.02

    A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the…

  • CVE-2015-5245Dec 3, 2015
    risk 0.00cvss epss 0.02

    CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.