GSA_kwCzR0hTQS1ndzk3LWY2aDgtZ205NM0WjQ

Moderate EPSS: 0.00652% (0.69848 Percentile) EPSS:

Permalink JSON

Email relay in Apache Traffic Control

Affected Packages	Affected Versions	Fixed Versions
go:github.com/apache/trafficcontrol	< 5.1.3	5.1.3
1 Dependent packages 2 Dependent repositories Affected Version Ranges All affected versions 1.1.3, 5.0.0, 5.1.0, 5.1.1, 5.1.2 All unaffected versions 5.1.3, 5.1.4, 5.1.6, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 7.0.0, 7.0.1

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-42009
https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E
https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/10/12/1
https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E
https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E
https://github.com/advisories/GHSA-gw97-f6h8-gm94

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1ndzk3LWY2aDgtZ205NM0WjQ

Email relay in Apache Traffic Control

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API