Date: Tue, 12 Oct 2021 00:29:24 +0000 From: Eric Friedrich <friede@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request Description: An authenticated Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.