CVE-2021-31988
05.10.2021, 22:15
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
| Vendor | Product | Version |
|---|---|---|
| axis | axis_os | 𝑥 < 10.7 |
| axis | axis_os_2016 | 𝑥 < 6.50.5.5 |
| axis | axis_os_2018 | 𝑥 < 8.40.4.3 |
| axis | axis_os_2020 | 𝑥 < 9.80.3.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-1286 - Improper Validation of Syntactic Correctness of InputThe product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.