CVE-2019-7313

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-7313

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7313.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-7313

Aliases

Downstream

DEBIAN-CVE-2019-7313

UBUNTU-CVE-2019-7313

Published

2019-02-03T08:29:00.480Z

Modified

2025-11-14T09:57:41.517553Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

References

https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code

Affected packages

Git / github.com/buildbot/buildbot

Affected ranges

Type: GIT
Repo: https://github.com/buildbot/buildbot
Events: Introduced

a3ffaf12bcecc98e5f0102a907bd13afb620cc08

Last affected

0ca122596e3b2404b4367aa17c21b29d2cf7c32a

Affected versions

0.*

0.8.13-pre

v0.*

v0.8.11-pre

v0.9.0

v0.9.0-pre

v0.9.0.post1

v0.9.0b1

v0.9.0b2

v0.9.0b3

v0.9.0b4

v0.9.0b6

v0.9.0b7

v0.9.0b8

v0.9.0rc1

v0.9.0rc2

v0.9.0rc3

v0.9.0rc4

v0.9.1

v0.9.10

v0.9.11

v0.9.12

v0.9.12.post1

v0.9.13

v0.9.14

v0.9.15

v0.9.15.post1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v0.9.7

v0.9.8

v0.9.9

v0.9.9.post1

v0.9.9.post2

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-7313.json"