Plone · Plone · CVE-2012-5486
**Name of the Vulnerable Software and Affected Versions**
Zope versions prior to 2.13.19
Plone versions prior to 4.3 beta 1
**Description**
The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest._scrubHeader function.
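The failure mode described above, shown as an added illustration that is not Zope's or Plone's own code: a header scrubber that only recognises the CRLF pair lets a bare LF through, and any parser that accepts LF as a line terminator then sees an extra header. The function names, the regular expressions and the sample header are constructed assumptions.

```python
import re

# Illustrative patterns (assumptions, not Zope's source): the weak scrubber
# only recognises the CRLF pair, the hardened one any lone CR or LF.
_CRLF_PAIR = re.compile(r"\r\n")
_ANY_EOL = re.compile(r"[\r\n]")


def scrub_header_weak(name, value):
    """Strip line breaks, but only when they appear as the CRLF pair."""
    return _CRLF_PAIR.sub("", str(name)), _CRLF_PAIR.sub(" ", str(value))


def scrub_header_hardened(name, value):
    """Drop CR/LF from the name and replace each with a space in the value."""
    return _ANY_EOL.sub("", str(name)), _ANY_EOL.sub(" ", str(value))


def serialize(headers):
    """Render (name, value) pairs as a response header block."""
    return "".join("%s: %s\r\n" % (n, v) for n, v in headers)


def header_lines(block):
    """Split a header block as a lenient parser does: on CRLF or bare LF."""
    return [line for line in re.split(r"\r?\n", block) if line]


# Constructed sample: a value carrying a bare LF followed by a second header.
SAMPLE = ("X-Redirect-Hint", "home\nX-Injected: 1")


def demo():
    """Return the header lines a parser sees after each scrubber."""
    weak = header_lines(serialize([scrub_header_weak(*SAMPLE)]))
    hard = header_lines(serialize([scrub_header_hardened(*SAMPLE)]))
    return weak, hard


if __name__ == "__main__":
    weak, hard = demo()
    print("weak    :", weak)   # two header lines: the LF survived
    print("hardened:", hard)   # one header line: the LF became a space
```

The same comparison works as a regression check for any code that copies request-derived data into response headers: feed it values containing a lone `\n` and a lone `\r` and confirm the serialized block still parses to the expected number of headers.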
**Recommendations**
For Zope versions prior to 2.13.19, update to version 2.13.19 or later.
For Plone versions prior to 4.3 beta 1, update to version 4.3 beta 1 or later.