Closed
Description
In GitHub Security Advisory GHSA-gw97-f6h8-gm94, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/apache/trafficcontrol | 5.1.3 | < 5.1.3 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/apache/trafficcontrol
versions:
- fixed: 5.1.3
description: An authenticated Apache Traffic Control Traffic Ops user with Portal-level
privileges can send a request with a specially-crafted email subject to the /deliveryservices/request
Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary
body to an arbitrary email address. Apache Traffic Control 5.1.x users should
upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
published: 2021-10-13T18:55:04Z
last_modified: 2021-10-20T17:07:21Z
cves:
- CVE-2021-42009
ghsas:
- GHSA-gw97-f6h8-gm94
links:
context:
- https://github.com/advisories/GHSA-gw97-f6h8-gm94