CVE-2019-7313: Buildbot CRLF Injection
(updated )
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.
References
- github.com/advisories/GHSA-66x7-2r56-fj77
- github.com/buildbot/buildbot
- github.com/buildbot/buildbot/commit/e781f110933e05ecdb30abc64327a2c7c9ff9c5a
- github.com/buildbot/buildbot/pull/4584
- github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code
- github.com/pypa/advisory-database/tree/main/vulns/buildbot/PYSEC-2019-7.yaml
- nvd.nist.gov/vuln/detail/CVE-2019-7313
Detect and mitigate CVE-2019-7313 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →