5 matches found
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-7313 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-7313 Source advisory: OSV:GHSA-66X7-2R56-FJ77...
Fedora 28 : buildbot (2019-7eb8c71fe8)
Update to 1.8.1 to fix CVE-2019-7313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-7313 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-7313 Source advisory: OSV:PYSEC-2019-7...
CVE-2019-7313
CVE-2019-7313 – Buildbot CRLF Injection : The flaw is in www/resource.py in Buildbot before 1.8.1, allowing CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. Root cause: missing input validation in the redirection code, enabling header manipulation ...
MariaDB: CRLF injection on https://buildbot.mariadb.org
A CRLF new line injection vulnerability has been discovered in the Buildbot.net software and reported to us. We have forwarded this to the Buildbot developers which coordinated a fix release and public disclosure. This vulnerability has been assigned CVE-2019-7313. More details in the advisory te...