PT-2021-23837 · Apache · Apache Airavata Django Portal

Published 2021-12-09 · Updated 2021-12-14 · CVE-2021-43410

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Airavata Django Portal versions prior to commit 3c5d8c7

Description

Log statements are not escaped, which allows CRLF log injection. Specifically, some HTTP request parameters are logged without being escaped first.

Recommendations

Update versions prior to commit 3c5d8c7 to a version that includes the fix for this issue, which is available after commit 3c5d8c7. As a temporary workaround, consider modifying the logging configuration so that HTTP request parameters are properly escaped before they are logged.
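
One way to apply the logging-configuration workaround with Python's standard `logging` module, shown as an added example that is not the project's own fix: a formatter escapes control characters in the interpolated message so each log call stays on one line. The names `EscapingFormatter`, `escape_control`, `emit`, the logger name `portal.demo` and the sample parameter are assumptions made for illustration.

```python
import io
import logging
import re

# CR, LF and the other characters str.splitlines() treats as line breaks,
# plus the remaining C0 control characters and DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")
FMT = "%(levelname)s %(name)s %(message)s"


def escape_control(text):
    """Replace each control character with its visible backslash escape."""
    return _CONTROL.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), text)


class EscapingFormatter(logging.Formatter):
    """Escapes the interpolated message; tracebacks keep their line breaks."""

    def format(self, record):
        # Work on a copy so other handlers still see the original record.
        safe = logging.makeLogRecord(record.__dict__)
        safe.msg = escape_control(record.getMessage())
        safe.args = None
        return super().format(safe)


def emit(formatter, username):
    """Log one request parameter and return the lines that were written."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(formatter)
    logger = logging.getLogger("portal.demo")  # hypothetical logger name
    logger.handlers = [handler]
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.info("login failed for username=%s", username)
    return stream.getvalue().splitlines()


# Constructed request parameter: a CRLF followed by text shaped like a log entry.
FORGED = "alice\r\nINFO portal.demo login succeeded for username=admin"

if __name__ == "__main__":
    for fmt in (logging.Formatter(FMT), EscapingFormatter(FMT)):
        print(type(fmt).__name__, emit(fmt, FORGED))
```

In a Django `LOGGING` dict, a formatter entry can reference such a class through the `"()"` key, so existing log calls need no changes.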

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2021-43410

Affected Products

Apache Airavata Django Portal