← Back

Whitesource

whitesource

Vendor: Whitesourcesoftware • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-5304
1Whitesourcesoftware
1Whitesource
Nov 21, 2024
Jun 8, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creat...Show more
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.Show less