CVE-2021-31164: CRLF Log injection in Apache Unomi

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache Unomi prior to 1.5.5.

Description:

Apache Unomi allows CRLF log injection because of a lack of escaping in the log statements.

This has been fixed in revision:

https://github.com/apache/unomi/commit/1c088702511ef44a056244cb968682daf8f21946

Migration:

Apache Unomi users should upgrade to 1.5.5 or later.

Credit: This issue was reported by Christos - Minas Mathas
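
The class of bug named in the description, shown as an added example that is not the code from the Unomi fix commit: a log statement that writes a request-supplied value verbatim next to one that escapes it first. The class name, the `escapeForLog` helper and the sample `profileId` value are assumptions made for illustration, and `java.util.logging` is used only to keep the example dependency-free.

```java
import java.util.logging.Logger;

public class LogEscapeExample {
    private static final Logger LOG = Logger.getLogger(LogEscapeExample.class.getName());

    /**
     * Hypothetical helper: escapes characters that can start a new log record
     * or hide text in a viewer (CR, LF, other ISO control characters and the
     * Unicode line separators). Backslash is escaped too, so an escaped value
     * can never be confused with a literal one.
     */
    static String escapeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\') {
                out.append("\\\\");
            } else if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c) || c == '\u2028' || c == '\u2029') {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed request value: a CRLF followed by text shaped like a log record.
        String profileId = "abc123\r\nINFO: profile admin loaded";

        // Unescaped: the value is written verbatim, so the log shows a second, forged record.
        LOG.info("Unknown profile " + profileId);

        // Escaped: the same value stays on one line, with the CRLF visible as literal \r\n.
        LOG.info("Unknown profile " + escapeForLog(profileId));
    }
}
```

Escaping at the log call (or in the logging layout) keeps one event on one line, which is what line-oriented log shippers and SIEM parsers assume when they attribute a record to a source.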