CVE-2021-42009

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*

Information

Published : 2021-10-12 08:15

Updated : 2021-10-19 01:18


NVD link : CVE-2021-42009

Mitre link : CVE-2021-42009


JSON object : View

Products Affected

apache

  • traffic_control
CWE
CWE-20

Improper Input Validation