In Apache Allura prior to 1.8.1, attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victimβs browsing session.
[
{
"product": "Apache Allura",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 1.8.1"
}
]
}
]