FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2018-12477

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

Published: Oct 9, 2018 / Updated: 62mo ago

010
No CVSS yetEPSS 0.14%
CVE info copied to clipboard

A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.

Timeline

First Article

Feedly found the first article mentioning CVE-2018-12477. See article

Oct 9, 2018 at 2:41 PM / cve.mitre.org
EPSS

EPSS Score was set to: 0.14% (Percentile: 48.9%)

Nov 15, 2023 at 6:19 PM
Static CVE Timeline Graph

Affected Systems

Opensuse/leap
+null more

Patches

bugzilla.suse.com
+null more

Attack Patterns

CAPEC-15: Command Delimiters
+null more

News

CVE-2018-12477 | openSUSE Open Build Service prior d6244245dda5367767efc989446fe4b5e4609cce crlf injection (Bug 1108189)
VulDB Updates / 56mo
A vulnerability was found in openSUSE Open Build Service . It has been rated as critical . This issue affects some unknown processing. The manipulation leads to crlf injection. The identification of this vulnerability is CVE-2018-12477 . The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Unknown

Categories

CWE-93(62)Opensuse(3277)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial