SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | spip | < 3.2.5-1 | spip_3.2.5-1_all.deb |
Debian | 11 | all | spip | < 3.2.5-1 | spip_3.2.5-1_all.deb |
Debian | 10 | all | spip | < 3.2.4-1+deb10u1 | spip_3.2.4-1+deb10u1_all.deb |
Debian | 999 | all | spip | < 3.2.5-1 | spip_3.2.5-1_all.deb |
Debian | 13 | all | spip | < 3.2.5-1 | spip_3.2.5-1_all.deb |