Moderate severity vulnerability that affects Plone and Zope2

2018-07-23T19:51:50
ID GHSA-77HV-8796-8CCP
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:01

Description

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.