CVE-2021-31164: CRLF Log injection in Apache Unomi

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected:
This vulnerability affects all versions of Apache Unomi prior to 1.5.5

Description:
Apache Unomi allows CRLF log injection because of lack of escaping in the log statements.
This has been fixed in revision:
https://github.com/apache/unomi/commit/1c088702511ef44a056244cb968682daf8f21946

Migration:
Apache Unomi users should upgrade to 1.5.5 or later.

Credit:
This issue was reported by Christos - Minas Mathas
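The advisory attributes the issue to missing escaping in log statements. The following added example is not code from Apache Unomi or from the fix commit. It shows one log statement written with and without neutralizing CR/LF in the logged value; the class name, method names and sample value are hypothetical and constructed for illustration.

```java
// Added illustration: hypothetical class and method names, not Apache Unomi code.
public class LogValueEscaper {

    /** Escape CR, LF and other control characters so a logged value cannot start a new record. */
    static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\') {
                out.append("\\\\");            // escape the escape character to stay unambiguous
            } else if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // remaining control characters and Unicode line/paragraph separators
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Stand-in for a logger layout (assumption): one record per call, prefixed with a level. */
    static String record(String message) {
        return "INFO  " + message;
    }

    public static void main(String[] args) {
        // Constructed request value: CRLF followed by text shaped like a log record.
        String profileId = "abc123\r\nINFO  Login succeeded for user admin";

        // Unescaped: the value is concatenated as-is, so the output shows two apparent records.
        System.out.println(record("Unable to load profile " + profileId));

        // Escaped: the same value stays on one line and the CRLF is visible to the reader.
        System.out.println(record("Unable to load profile " + forLog(profileId)));
    }
}
```

Log4j 2's `%enc{%m}{CRLF}` pattern converter applies the same neutralization in the layout instead of at each call site.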