CVE-2011-2381

2011-08-09T19:55:00
ID CVE-2011-2381
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:29:00

Description

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.