---

CVE-2020-10753 - log back

CVE-2020-10753 edited at 22 Nov 2020 18:17:14
References	- https://github.com/ceph/ceph/pull/35773/commits/1524d3c0c5cb11775313ea1e2bb36a93257947f2 + https://docs.ceph.com/en/latest/releases/nautilus/#v14-2-10-nautilus + https://docs.ceph.com/en/latest/releases/octopus/#v15-2-4-octopus + https://github.com/ceph/ceph/pull/35773 + https://github.com/ceph/ceph/commit/ea0a33719e1765a79eb0c7137262b8e93cd073e3

CVE-2020-10753 edited at 28 Jun 2020 16:14:08
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Content spoofing
Description	+ A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. This issue affects the RadosGW S3 API, it does not affect the Swift API.
References	+ https://github.com/ceph/ceph/pull/35773/commits/1524d3c0c5cb11775313ea1e2bb36a93257947f2
Notes

CVE-2020-10753 created at 28 Jun 2020 16:13:25