PYSEC-2014-73
- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/zope2/PYSEC-2014-73.yaml
- Aliases
-
- CVE-2012-5486
- GHSA-77hv-8796-8ccp
- PYSEC-2014-28
- Published
- 2014-09-30T14:55:00Z
- Modified
- 2023-11-08T03:57:08.503914Z
- Details
-
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
- References
-
- http://www.openwall.com/lists/oss-security/2012/11/10/1
- https://bugs.launchpad.net/zope2/+bug/930812
- https://plone.org/products/plone/security/advisories/20121106/02
- https://plone.org/products/plone-hotfix/releases/20121106
- http://rhn.redhat.com/errata/RHSA-2014-1194.html
- https://github.com/advisories/GHSA-77hv-8796-8ccp
Affected packages
PyPI / zope2
Package
- Name
- zope2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed2.13.19
Affected versions
2.*
2.12.0.a1
2.12.0a2
2.12.0a3
2.12.0a4
2.12.0b1
2.12.0b2
2.12.0b3
2.12.0b4
2.12.0c1
2.12.0
2.12.1
2.12.2
2.12.3
2.12.4
2.12.5
2.12.6
2.12.7
2.12.8
2.12.9
2.12.10
2.12.11
2.12.12
2.12.13
2.12.14
2.12.15
2.12.16
2.12.17
2.12.18
2.12.19
2.12.20
2.12.21
2.12.22
2.12.23
2.12.24
2.12.25
2.12.26
2.12.27
2.12.28
2.13.0a1
2.13.0a2
2.13.0a3
2.13.0a4
2.13.0b1
2.13.0c1
2.13.0
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.13.6
2.13.7
2.13.8
2.13.9
2.13.10
2.13.11
2.13.12
2.13.13
2.13.14
2.13.15
2.13.16
2.13.17
2.13.18