CVE-2018-18655

CVE-2018-18655

EPSS 0.8%

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugs.debian.org/911842 https://telescoper.wordpress.com/2018/10/18/a-breakthrough-for-a-bigot/#comment-339386