CVE-2021-20784

Summary

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.

Affected Software

VendorProductVersion RangeStatus
voidtoolsEverythingall versions of 1.0 (Everything 1.0 series) except the Lite versionaffected
voidtoolsEverythingall versions of 1.1 (Everything 1.1 series) except the Lite versionaffected
voidtoolsEverythingall versions of 1.2 (Everything 1.2 series) except the Lite versionaffected

Weaknesses

  • CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax

ADP Enrichment

CVE Program Container

Additional References

References