A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

Published : 2018-10-09 13:29 Updated : 2019-06-11 12:17

CVSS Score More info
Score 6.4 / 10
Vendor Product Version URI
Opensuse Leap 15.0 cpe:/o:opensuse:leap:15.0
Opensuse Leap 42.3 cpe:/o:opensuse:leap:42.3
  1. Opensuse (1) Search CVE
    1. Leap (2) Search CVE
      1. 15.0
      2. 42.3


ID Name Description Links
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. CVE

History of changes

Date Event
2019-06-11 12:17
2019-01-11 15:42
2018-10-09 13:29