Improper Input Validation

🗓️ 13 Oct 2021 00:00:00Reported by https://gitlab.com/gitlab-org/security-products/gemnasium-dbType

An Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request endpoint to send an email from the Traffic Ops server with an arbitrary body to an arbitrary email address. Upgrade to versions 5.1.3 or 6.0.0 for 5.1.x users and to 5.1.3 for 4.1.x users

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2021-42009	12 Oct 202112:25	–	circl
CNNVD	Apache Traffic Control 输入验证错误漏洞	12 Oct 202100:00	–	cnnvd
CNVD	Apache Traffic Control input validation error vulnerability	15 Oct 202100:00	–	cnvd
CVE	CVE-2021-42009	12 Oct 202107:40	–	cve
Cvelist	CVE-2021-42009 Apache Traffic Control Traffic Ops Email Injection Vulnerability	12 Oct 202107:40	–	cvelist
EUVD	EUVD-2021-2206	7 Oct 202500:30	–	euvd
Github Security Blog	Email relay in Apache Traffic Control	13 Oct 202118:55	–	github
GitLab Advisory Database	Improper Input Validation	12 Oct 202100:00	–	gitlab
NVD	CVE-2021-42009	12 Oct 202108:15	–	nvd
OSV	GHSA-GW97-F6H8-GM94 Email relay in Apache Traffic Control	13 Oct 202118:55	–	osv

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-42009
lists	www.lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E
lists	www.lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E
openwall	www.openwall.com/lists/oss-security/2021/10/12/1
lists	www.lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E
lists	www.lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E
github	www.github.com/advisories/GHSA-gw97-f6h8-gm94

13 Oct 2021 00:00Current

3.6Low risk

Vulners AI Score3.6

CVSS 24

CVSS 3.14.3

EPSS0.02734