mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 08:34:03 +02:00
0xMarcio
969 B
969 B
CVE-2020-5304
Description
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.
POC
Reference
- https://medium.com/%40venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b
- https://medium.com/@venkatajayaram.yalla/whitesource-log-injection-vulnerability-cve-2020-5304-e543b7943c2b
Github
No PoCs found on GitHub currently.