CVE-2021-31164
published 2021-05-04CVE-2021-31164: Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | unomi | < 1.5.5 | 1.5.5 |
| apache_software_foundation | apache_unomi | >= Apache Unomi < 1.5.5 | 1.5.5 |