Norrin

**Name of the Vulnerable Software and Affected Versions** Drupal versions 4.5.x through 4.5.7 Drupal versions 4.6.x through 4.6.7 **Description** The issue allows remote attackers to inject headers of outgoing e-mail messages, potentially using the system as a spam proxy. This is due to a CRLF injection vulnerability. **Recommendations** For versions 4.5.x through 4.5.7, update to version 4.5.8 or later. For versions 4.6.x through 4.6.7, update to version 4.6.8 or later.