Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the waterfall web status view, which allows attackers to inject arbitrary web script or HTML. How to fix Cross-site Scripting (XSS)? Upgrade `buildbot` to version 0.7.11p3 or higher.	[,0.7.11p3)
H CRLF injection buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to CRLF injection in the Location header of `/auth/login` and `/auth/logout` via the redirect parameter. This affects other web sites in the same domain. How to fix CRLF injection? Upgrade `buildbot` to version 1.8.1 or higher.	[,1.8.1)
H Timing Attack buildbot is an open-source continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison `!=`, and not a time constant string comparison. An attacker can use this difference to perform a timing attack, essentially allowing them to guess the encryption key one character at a time. How to fix Timing Attack? Upgrade `buildbot` to version 1.3.0 or higher.	[,1.3.0)
M Cross-site Scripting (XSS) buildbot is an open-source continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. A malicious user could inject arbitrary web script or HTML via unspecified vectors. How to fix Cross-site Scripting (XSS)? Upgrade `buildbot` to version 0.7.11p3 or higher.	[0.7.6,0.7.11p3)

Go back to all versions of this package