CVE-2020-10753 - log

CVE-2020-10753 edited at 22 Nov 2020 18:17:14
References
- https://github.com/ceph/ceph/pull/35773/commits/1524d3c0c5cb11775313ea1e2bb36a93257947f2
+ https://docs.ceph.com/en/latest/releases/nautilus/#v14-2-10-nautilus
+ https://docs.ceph.com/en/latest/releases/octopus/#v15-2-4-octopus
+ https://github.com/ceph/ceph/pull/35773
+ https://github.com/ceph/ceph/commit/ea0a33719e1765a79eb0c7137262b8e93cd073e3
CVE-2020-10753 edited at 28 Jun 2020 16:14:08
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A flaw was found in the Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. This issue affects the RadosGW S3 API, it does not affect the Swift API.
References
+ https://github.com/ceph/ceph/pull/35773/commits/1524d3c0c5cb11775313ea1e2bb36a93257947f2
Notes
CVE-2020-10753 created at 28 Jun 2020 16:13:25