oss-sec mailing list archives
CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request
From: Eric Friedrich <friede () apache org>
Date: Tue, 12 Oct 2021 00:29:24 +0000
Description: An authenticated Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.
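The advisory does not say how the crafted subject takes control of the message. The following is an added defensive example, not Traffic Control's code: it assumes the cause is a subject value containing line breaks or other control characters that end the header early. `BuildRequestEmail` and `RoundTrips` are hypothetical names; they validate each user-supplied field before assembling the message, then confirm the message parses back to the intended subject and body.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"mime"
	"net/mail"
	"strings"
	"unicode"
)

// BuildRequestEmail is a hypothetical helper (not Traffic Ops code) that
// assembles an RFC 5322 message from user-supplied fields.
func BuildRequestEmail(from, to, subject, body string) (string, error) {
	f, err := mail.ParseAddress(from) // must parse as exactly one address
	if err != nil {
		return "", fmt.Errorf("invalid sender: %w", err)
	}
	t, err := mail.ParseAddress(to)
	if err != nil {
		return "", fmt.Errorf("invalid recipient: %w", err)
	}
	// Assumption: the dangerous input is a control character (CR, LF, NUL, ...)
	// in the subject, which would terminate the header section early.
	if subject == "" || strings.IndexFunc(subject, unicode.IsControl) >= 0 {
		return "", errors.New("invalid subject: empty or contains control characters")
	}
	var b strings.Builder
	fmt.Fprintf(&b, "From: %s\r\nTo: %s\r\nSubject: %s\r\n", f.String(), t.String(),
		mime.QEncoding.Encode("utf-8", subject)) // RFC 2047 encoding for non-ASCII
	b.WriteString("MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n")
	b.WriteString(body)
	return b.String(), nil
}

// RoundTrips parses raw and reports whether the subject and body a mail
// parser sees are exactly the ones the caller intended to send.
func RoundTrips(raw, subject, body string) bool {
	m, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return false
	}
	got, derr := new(mime.WordDecoder).DecodeHeader(m.Header.Get("Subject"))
	b, rerr := io.ReadAll(m.Body)
	return derr == nil && rerr == nil && got == subject && string(b) == body
}

func main() {
	// Constructed sample values, not taken from the advisory.
	msg, err := BuildRequestEmail("ops@example.com", "team@example.com", "New DS request", "details\r\n")
	fmt.Println(err == nil && RoundTrips(msg, "New DS request", "details\r\n"))
}
```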