CVE-2021-31164

Summary

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache UnomiApache Unomi < 1.5.5affected

Weaknesses

  • CWE-93: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

ADP Enrichment

CVE Program Container

Additional References

References