Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-14704

Impropper sanitisation of attachment filenames allows header injection

    XMLWordPrintable

    Details

      Description

      An attacker can craft a specific attachment filename, or rename the file once it has been uploaded to introduce arbitrary headers into the response stream

        Attachments

          Activity

            People

            Assignee:
            alynch Andrew Lynch
            Reporter:
            dcheney David Cheney
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: