2021-05-04 09:15:00 2021-05-11 20:34:00

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
Advisory Patch Confirmed Link
http://unomi.apache.org/security/cve-2021-31164