A Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce.
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Leap | Opensuse | 15.0 (including) | 15.0 (including) |
Leap | Opensuse | 42.3 (including) | 42.3 (including) |