PT-2023-11359 · Unknown · Onshift Turbogears

Published: 2023-02-04 · Updated: 2024-05-17 · CVE-2019-25101

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OnShift TurboGears version 1.0.11.10

Description

A critical vulnerability has been found in OnShift TurboGears, affecting an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to HTTP response splitting, and the attack can be initiated remotely.

Recommendations

For OnShift TurboGears version 1.0.11.10, upgrade to version 1.0.11.11 to address this issue. As a temporary workaround, consider restricting access to the HTTP Header Handler component until the patch is applied.

Related Identifiers

CVE-2019-25101
GHSA-8Q38-W56M-QQ2C

Affected Products

Onshift Turbogears