CVE-2021-42342

Name of the Vulnerable Software and Affected Versions GoAhead versions 4.x through 5.x before 5.1.5 GoAhead version 5.1.5 is not affected, so the range can be simplified to versions prior to 5.1.5.

Description An issue was discovered in the file upload filter, where user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.

Recommendations For versions prior to 5.1.5, update to version 5.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to CGI scripts that may be vulnerable to untrusted environment variables until a patch is available.