CVE-2021-42009: Improper Input Validation

October 12, 2021 (updated November 9, 2023)

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address.

References

nvd.nist.gov/vuln/detail/CVE-2021-42009

Detect and mitigate CVE-2021-42009 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →