PYSEC-2019-7

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/buildbot/PYSEC-2019-7.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2019-7

Aliases

Published

2019-02-03T08:29:00Z

Modified

2023-11-01T04:51:02.498206Z

Summary

[none]

Details

www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

References

https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code

Affected packages

PyPI / buildbot

Package

Name: buildbot; View open source insights on deps.dev
Purl: pkg:pypi/buildbot

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.9.0

Fixed

1.8.1

Affected versions

0.*

0.9.0

0.9.0.post1

0.9.1

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9

0.9.9.post1

0.9.9.post2

0.9.10

0.9.11

0.9.12

0.9.13

0.9.14

0.9.15

0.9.15.post1

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.2.0

1.3.0

1.4.0

1.5.0

1.6.0

1.7.0

1.8.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/buildbot/PYSEC-2019-7.yaml"