Skip to main content

Whitesource

1 CVEs product

Monthly

CVE-2020-5304 HIGH This Week

The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Whitesource
NVD
CVSS 3.1
7.5
EPSS
1.0%
EPSS 1% CVSS 7.5
HIGH This Week

The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Whitesource
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy