CVE-2018-12477

Summary

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

Affected Software

VendorProductVersion RangeStatus
openSUSEOpen Build Serviceunspecified < d6244245dda5367767efc989446fe4b5e4609cceaffected

Weaknesses

  • CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

ADP Enrichment

CVE Program Container

Additional References

References