CVE-2021-31164

High

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

apache·CWE-93·Published 2021-05-04

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

116 chars

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

NVDen

116 chars

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

OSV.deven

116 chars

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

GHSAen

116 chars

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

NVDes

140 chars

Apache Unomi versiones anteriores a 1.5.5, permite la inyección de registros CRLF debido a una falta de escape en las sentencias de registro

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N