A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059.
References
Link | Resource |
---|---|
https://github.com/OnShift/turbogears/commit/f68bbaba47f4474e1da553aa51564a73e1d92a84 | Patch |
https://github.com/OnShift/turbogears/pull/18 | Issue Tracking Patch |
https://github.com/OnShift/turbogears/releases/tag/v1.0.11.11 | Release Notes |
https://vuldb.com/?ctiid.220059 | Permissions Required Third Party Advisory |
https://vuldb.com/?id.220059 | Permissions Required Third Party Advisory |
Configurations
History
27 Oct 2023, 20:14
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-436 |
20 Oct 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | |
CWE |
14 Feb 2023, 01:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/OnShift/turbogears/commit/f68bbaba47f4474e1da553aa51564a73e1d92a84 - Patch | |
References | (MISC) https://github.com/OnShift/turbogears/pull/18 - Issue Tracking, Patch | |
References | (MISC) https://vuldb.com/?id.220059 - Permissions Required, Third Party Advisory | |
References | (MISC) https://github.com/OnShift/turbogears/releases/tag/v1.0.11.11 - Release Notes | |
References | (MISC) https://vuldb.com/?ctiid.220059 - Permissions Required, Third Party Advisory | |
CPE | cpe:2.3:a:turbogears_project:turbogears:1.0.11.10:*:*:*:*:*:*:* | |
First Time |
Turbogears Project turbogears
Turbogears Project |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
04 Feb 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-04 08:15
Updated : 2024-04-11 01:05
NVD link : CVE-2019-25101
Mitre link : CVE-2019-25101
CVE.ORG link : CVE-2019-25101
JSON object : View
Products Affected
turbogears_project
- turbogears