CVE-2018-11044

CVE-2018-11044

Pivotal Apps Manager included in Pivotal Application Service, versions 2.2.x prior to 2.2.1 and 2.1.x prior to 2.1.8 and 2.0.x prior to 2.0.17 and 1.12.x prior to 1.12.26, does not escape all user-provided content when sending invitation emails. A malicious authenticated user can inject content into an invite to another user, exploiting the trust implied by the source of the email.

Source: CVE-2018-11044

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다