GHSA-77hv-8796-8ccp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-77hv-8796-8ccp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-77hv-8796-8ccp/GHSA-77hv-8796-8ccp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-77hv-8796-8ccp
- Aliases
-
- CVE-2012-5486
- PYSEC-2014-28
- PYSEC-2014-73
- Published
- 2018-07-23T19:51:50Z
- Modified
- 2024-12-01T05:25:30.698949Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- HTTP header injection in Plone and Zope2
- Details
-
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
- Database specific
{ "github_reviewed_at": "2020-06-16T21:21:53Z", "github_reviewed": true, "cwe_ids": [], "nvd_published_at": "2014-09-30T14:55:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-5486
- https://access.redhat.com/errata/RHSA-2014:1194
- https://access.redhat.com/security/cve/CVE-2012-5486
- https://bugs.launchpad.net/zope2/+bug/930812
- https://bugzilla.redhat.com/show_bug.cgi?id=878939
- https://github.com/advisories/GHSA-77hv-8796-8ccp
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-28.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-73.yaml
- https://plone.org/products/plone-hotfix/releases/20121106
- https://plone.org/products/plone/security/advisories/20121106/02
- http://rhn.redhat.com/errata/RHSA-2014-1194.html
- http://www.openwall.com/lists/oss-security/2012/11/10/1
Affected packages
PyPI / zope2
Package
- Name
- zope2
- View open source insights on deps.dev
- Purl
- pkg:pypi/zope2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.19
Affected versions
2.*
2.12.0.a1
2.12.0a2
2.12.0a3
2.12.0a4
2.12.0b1
2.12.0b2
2.12.0b3
2.12.0b4
2.12.0c1
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.12.10
2.12.11
2.12.12
2.12.13
2.12.14
2.12.15
2.12.16
2.12.17
2.12.18
2.12.19
2.12.20
2.12.21
2.12.22
2.12.23
2.12.24
2.12.25
2.12.26
2.12.27
2.12.28
2.13.0a1
2.13.0a2
2.13.0a3
2.13.0a4
2.13.0b1
2.13.0c1
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9
2.13.10
2.13.11
2.13.12
2.13.13
2.13.14
2.13.15
2.13.16
2.13.17
2.13.18
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone
Affected versions
3.*
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
4.*
4.0a1
4.0a2
4.0a3
4.0a4
4.0a5
4.0b1
4.0b2
4.0b3
4.0b4
4.0b5
4.0rc1
4.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc2
4.1rc3
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2a1
4.2a2
4.2b1
4.2b2
4.2rc1
4.2rc2
4.2
4.2.1
4.2.2
PyPI / plone
Package
- Name
- plone
- View open source insights on deps.dev
- Purl
- pkg:pypi/plone