VYPR

AVM

by whitesource

CVEs (1)

  • CVE-2020-5304HigJun 8, 2020
    risk 0.49cvss 7.5epss 0.01

    The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also…