CVE-2018-12477

An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches into deleting them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

Published: 2018-10-09 13:29
Updated: 2019-01-11 15:42

CVSS Score: 6.4 / 10

| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Opensuse | Opensuse Leap | 15.0 | cpe:/a:opensuse:opensuse_leap:15.0 |
| Opensuse | Opensuse Leap | 42.3 | cpe:/a:opensuse:opensuse_leap:42.3 |

CWE

| ID | Name | Description |
| --- | --- | --- |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |

History of changes

| Date | Event |
| --- | --- |
| 2019-01-11 15:42 | |
| 2018-10-09 13:29 | New CVE |