Apache · Apache Traffic Control · CVE-2021-42009
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Control versions 4.1.x through 5.1.x
**Description**
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially crafted email subject to the "/deliveryservices/request" Traffic Ops endpoint, causing the Traffic Ops server to send an email with an arbitrary body to an arbitrary email address.
**Recommendations**
For Apache Traffic Control 4.1.x, upgrade to 5.1.3.
For Apache Traffic Control 5.1.x, upgrade to 5.1.3 or 6.0.0.
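The description does not state how the crafted subject takes effect. The Go code below is an added example, not Apache Traffic Control code: assuming a user-supplied subject reaches the message header block unvalidated, it shows a sender that rejects control characters in the subject and takes sender and recipient only from server-side values. `BuildRequestEmail`, `Inspect`, `ErrUnsafeHeader` and the `example.test` addresses are hypothetical.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime"
	"net/mail"
	"strings"
	"unicode"
)

// ErrUnsafeHeader marks a value that must not be placed on a header line.
var ErrUnsafeHeader = errors.New("unsafe header value")

// BuildRequestEmail is a hypothetical helper, not Traffic Ops code. The
// subject is untrusted: control characters (CR, LF, NUL, ...) are rejected,
// since a line break in a header value ends that header field.
func BuildRequestEmail(from, to, subject, body string) ([]byte, error) {
	if subject == "" || len(subject) > 200 || strings.IndexFunc(subject, unicode.IsControl) >= 0 {
		return nil, ErrUnsafeHeader
	}
	f, errF := mail.ParseAddress(from) // sender and recipient come from
	t, errT := mail.ParseAddress(to)   // server configuration, one address each
	if errF != nil || errT != nil {
		return nil, errors.New("invalid sender or recipient")
	}
	var b bytes.Buffer
	fmt.Fprintf(&b, "From: %s\r\nTo: %s\r\nSubject: %s\r\n", f, t, mime.QEncoding.Encode("utf-8", subject))
	b.WriteString("MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n")
	b.WriteString(body)
	return b.Bytes(), nil
}

// Inspect re-parses a built message and returns the decoded subject and the
// number of distinct header fields, so a build can be checked before sending.
func Inspect(msg []byte) (string, int, error) {
	m, err := mail.ReadMessage(bytes.NewReader(msg))
	if err != nil {
		return "", 0, err
	}
	s, err := new(mime.WordDecoder).DecodeHeader(m.Header.Get("Subject"))
	return s, len(m.Header), err
}

func main() {
	msg, err := BuildRequestEmail("ops@example.test", "admin@example.test", "New delivery service request", "details")
	fmt.Printf("%s\nerr=%v\n", msg, err)
}
```

Validation of this kind complements the upgrade listed under Recommendations and does not replace it.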