Posted to commits@trafficcontrol.apache.org by zr...@apache.org on 2021/10/12 00:26:51 UTC

[trafficcontrol-website] 01/02: Add CVE-2021-42009

This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git

commit 20ca818dbd619a61e0eecd00e6b6312e62b75993
Author: Zach Hoffman <zr...@apache.org>
AuthorDate: Mon Oct 11 18:24:24 2021 -0600

    Add CVE-2021-42009
---
 releases/index.html | 2 +-
 security/index.html | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/releases/index.html b/releases/index.html
index 4e5caa6..5622daa 100644
--- a/releases/index.html
+++ b/releases/index.html
@@ -162,7 +162,7 @@
                         </p>
                         <p class="card-text"><h6>Fixed</h6>
                         <ul>
-                            <li><strong><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li>
+                            <li><strong><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/2471">#2471</a> - A PR check to ensure added db migration file is the latest.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/5609">#5609</a> - Fixed GET /servercheck filter for an extra query param.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/5954">#5954</a> - Traffic Ops HTTP response write errors are ignored</li>
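Review bot: The commit message "Add CVE-2021-42009" does not cover this hunk, where the only difference between the removed and added `<li>` is the href moving from `https://nvd.nist.gov/vuln/detail/CVE-2021-42009` to `https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009`. Add a line to the commit body saying why the releases page switches sources, so the swap is not mistaken for an accidental edit. The rest of the entry, including `rel="nofollow"` and the allowed-character list, is unchanged and needs nothing.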
diff --git a/security/index.html b/security/index.html
index ad7b9c4..91c5cfd 100644
--- a/security/index.html
+++ b/security/index.html
@@ -103,6 +103,8 @@
                     <div class="card-body">
                         <h4 class="card-title">Past Vulnerabilities</h4>
                         <ul>
+                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009">CVE-2021-42009: Apache Traffic
+                                    Control Email Injection Vulnerability</a></li>
                             <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-17522">CVE-2020-17522: Apache Traffic
                                     Control Mid Tier Cache Manipulation Attack</a></li>
                             <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12405">CVE-2019-12405: Apache Traffic
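Review bot: The new "Past Vulnerabilities" entry links to `https://nvd.nist.gov/vuln/detail/CVE-2021-42009`, which is the exact URL this same commit removes from releases/index.html in favour of cve.mitre.org. The site then points readers at two different records for one CVE. The NVD form matches the neighbouring CVE-2020-17522 and CVE-2019-12405 entries in this list, so either keep NVD on both pages or use the cve.mitre.org link here as well, and apply the choice consistently.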