CVE-2018-18655

2018-10-2600:00:00

mitre

www.cve.org

prayer throgh 1.3.5

referer header

user's username

email link

no-referrer setting

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

37.0%

JSON

Prayer through 1.3.5 sends a Referer header, containing a user’s username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

References

bugs.debian.org/911842

telescoper.wordpress.com/2018/10/18/a-breakthrough-for-a-bigot/#comment-339386