CRLF Injection Vulnerability in Bugzilla Versions 2.17.1 through 4.1.3

CVE-2011-2381 · MEDIUM Severity

AV:N/AC:M/Au:N/C:N/I:P/A:N

CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
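The header-injection mechanism and a defensive check, shown as an added Python example (not Bugzilla's code or its actual patch): untrusted description text is stripped of CR/LF before it reaches a header line, and the outgoing message is parsed to confirm no extra headers appear. The message layout, the addresses, the placement of the description in `Subject`, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string

# CR and LF terminate a header line; any run of them becomes one space.
_LINE_BREAKS = re.compile(r"[\r\n]+")

# Headers this hypothetical notification template is supposed to emit.
EXPECTED_HEADERS = {"from", "to", "subject"}

# Constructed sample input: a description carrying an embedded header.
HOSTILE_DESCRIPTION = "fix\r\nBcc: x@example.invalid\r\n\r\ninjected body"


def header_safe(value):
    """Return untrusted text with every line break collapsed to a space."""
    return _LINE_BREAKS.sub(" ", value).strip()


def build_flagmail(description, sanitize=True):
    """Assemble a notification by string templating (assumed layout)."""
    if sanitize:
        description = header_safe(description)
    return (
        "From: bugzilla-daemon@example.invalid\r\n"
        "To: reviewer@example.invalid\r\n"
        f"Subject: review requested: {description}\r\n"
        "\r\n"
        "A flag was set on an attachment.\r\n"
    )


def header_names(raw):
    """Header names a mail parser actually sees in the raw message."""
    return [name.lower() for name in message_from_string(raw).keys()]


def unexpected_headers(raw):
    """Outbound check: headers present that the template never emits."""
    return [n for n in header_names(raw) if n not in EXPECTED_HEADERS]


if __name__ == "__main__":
    for sanitize in (False, True):
        raw = build_flagmail(HOSTILE_DESCRIPTION, sanitize=sanitize)
        print(f"sanitize={sanitize}: headers={header_names(raw)} "
              f"unexpected={unexpected_headers(raw)}")
```

With sanitizing on, the embedded `Bcc:` text stays inside the `Subject` value as inert characters; the `unexpected_headers` check can run as a last gate before a message is handed to the mail transport.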