Davisagli

**Name of the Vulnerable Software and Affected Versions** Zope versions prior to 2.13.19 Plone versions prior to 4.3 beta 1 **Description** The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest. scrubHeader function. **Recommendations** For Zope versions prior to 2.13.19, update to version 2.13.19 or later. For Plone versions prior to 4.3 beta 1, update to version 4.3 beta 1 or later.