Posted to commits@trafficcontrol.apache.org by zr...@apache.org on 2021/10/12 00:26:50 UTC

[trafficcontrol-website] branch asf-site updated (41e39db -> efd52c0)

This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a change to branch asf-site
in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git.


    from 41e39db  Release 6.0.0
     new 20ca818  Add CVE-2021-42009
     new efd52c0  Link to cve.mitre.org for CVEs

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 releases/index.html | 2 +-
 security/index.html | 8 +++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

[trafficcontrol-website] 01/02: Add CVE-2021-42009

Posted by zr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git

commit 20ca818dbd619a61e0eecd00e6b6312e62b75993
Author: Zach Hoffman <zr...@apache.org>
AuthorDate: Mon Oct 11 18:24:24 2021 -0600

    Add CVE-2021-42009
---
 releases/index.html | 2 +-
 security/index.html | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/releases/index.html b/releases/index.html
index 4e5caa6..5622daa 100644
--- a/releases/index.html
+++ b/releases/index.html
@@ -162,7 +162,7 @@
                         </p>
                         <p class="card-text"><h6>Fixed</h6>
                         <ul>
-                            <li><strong><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li>
+                            <li><strong><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &amp;, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/2471">#2471</a> - A PR check to ensure added db migration file is the latest.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/5609">#5609</a> - Fixed GET /servercheck filter for an extra query param.</li>
                             <li><a href="https://github.com/apache/trafficcontrol/issues/5954">#5954</a> - Traffic Ops HTTP response write errors are ignored</li>
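Review bot: the href change on the CVE-2021-42009 line does not match this commit's subject, "Add CVE-2021-42009", and leaves the commit inconsistent with itself: the same CVE is linked to cve.mitre.org here and to nvd.nist.gov in the security/index.html hunk of the same commit. Move this one-line change into the follow-up commit "Link to cve.mitre.org for CVEs" so that each commit does one thing. Separately, this link carries rel="nofollow" while the CVE links in security/index.html do not; pick one convention for both pages.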
diff --git a/security/index.html b/security/index.html
index ad7b9c4..91c5cfd 100644
--- a/security/index.html
+++ b/security/index.html
@@ -103,6 +103,8 @@
                     <div class="card-body">
                         <h4 class="card-title">Past Vulnerabilities</h4>
                         <ul>
+                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009">CVE-2021-42009: Apache Traffic
+                                    Control Email Injection Vulnerability</a></li>
                             <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-17522">CVE-2020-17522: Apache Traffic
                                     Control Mid Tier Cache Manipulation Attack</a></li>
                             <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12405">CVE-2019-12405: Apache Traffic
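Review bot: the added list item links to nvd.nist.gov, and the next commit in this push rewrites that exact line to cve.mitre.org. Adding the entry with the final URL from the start would avoid a revision in which the releases page and the security page point at different sources for the same CVE. The link text "Apache Traffic Control Email Injection Vulnerability" agrees with the "email content injection" wording in the release notes, so no change is needed there.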

[trafficcontrol-website] 02/02: Link to cve.mitre.org for CVEs

Posted by zr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git

commit efd52c07b046cb1f200fc60a339583d44f24eea8
Author: Zach Hoffman <zr...@apache.org>
AuthorDate: Mon Oct 11 18:26:27 2021 -0600

    Link to cve.mitre.org for CVEs
---
 security/index.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/index.html b/security/index.html
index 91c5cfd..b2c6621 100644
--- a/security/index.html
+++ b/security/index.html
@@ -103,13 +103,13 @@
                     <div class="card-body">
                         <h4 class="card-title">Past Vulnerabilities</h4>
                         <ul>
-                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009">CVE-2021-42009: Apache Traffic
+                            <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009">CVE-2021-42009: Apache Traffic
                                     Control Email Injection Vulnerability</a></li>
-                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-17522">CVE-2020-17522: Apache Traffic
+                            <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17522">CVE-2020-17522: Apache Traffic
                                     Control Mid Tier Cache Manipulation Attack</a></li>
-                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12405">CVE-2019-12405: Apache Traffic
+                            <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12405">CVE-2019-12405: Apache Traffic
                                 Control LDAP-based authentication vulnerability</a></li>
-                            <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2017-7670">CVE-2017-7670: Apache Traffic
+                            <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7670">CVE-2017-7670: Apache Traffic
                                 Control Traffic Router Slowloris Denial of Service Vulnerability</a></li>
                         </ul>
                         </p>
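Review bot: the trailing context closes </ul> and then </p>, so this list sits inside a paragraph element. HTML parsers end a <p> implicitly when they reach a <ul>, which leaves the closing </p> unmatched; since every item in the list is being touched anyway, this is a good moment to drop the wrapping paragraph or replace it with a <div>. The four rewritten hrefs are consistent with each other, but the continuation lines for the CVE-2019-12405 and CVE-2017-7670 entries are indented less than those for the first two entries; aligning them would keep the block uniform.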