CVE-2021-31164

CWE-93CWE-744 documents4 sources
Severity
7.5HIGH
EPSS
2.9%
top 13.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache UnomiApache Unomi
Timeline
PublishedMay 4
Latest updateJun 16

Description

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDapache/unomi< 1.5.5
Mavenorg.apache.unomi:unomi< 1.5.5
CVEListV5apache_software_foundation/apache_unomiApache Unomi1.5.5

Patches

Patch: unomi.apache.orgPatch: unomi.apache.org

🔴Vulnerability Details

3
GHSA
Command injection in Apache Unomi2021-06-16
OSV
Command injection in Apache Unomi2021-06-16
CVEList
Apache Unomi log injection2021-05-04