← back
CVE-2011-2381

CVE-2011-2381

EPSS 1.5%
CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.mozilla.org/show_bug.cgi?id=657158http://secunia.com/advisories/45501https://exchange.xforce.ibmcloud.com/vulnerabilities/69035http://www.bugzilla.org/security/3.4.11/http://www.debian.org/security/2011/dsa-2322http://www.osvdb.org/74300http://www.securityfocus.com/bid/49042