Vulnerability	Vulnerable Version
H CRLF injection buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to CRLF injection in the Location header of `/auth/login` and `/auth/logout` via the redirect parameter. This affects other web sites in the same domain. How to fix CRLF injection? Upgrade `buildbot` to version 1.8.1 or higher.	[,1.8.1)
H Timing Attack buildbot is an open-source continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison `!=`, and not a time constant string comparison. An attacker can use this difference to perform a timing attack, essentially allowing them to guess the encryption key one character at a time. How to fix Timing Attack? Upgrade `buildbot` to version 1.3.0 or higher.	[,1.3.0)

CRLF injection

buildbot is a continuous integration framework for automating software build, test, and release processes.

Affected versions of this package are vulnerable to CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

How to fix CRLF injection?

Upgrade buildbot to version 1.8.1 or higher.

[,1.8.1)

Timing Attack

buildbot is an open-source continuous integration framework for automating software build, test, and release processes.

Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison !=, and not a time constant string comparison. An attacker can use this difference to perform a timing attack, essentially allowing them to guess the encryption key one character at a time.

How to fix Timing Attack?

Upgrade buildbot to version 1.3.0 or higher.

[,1.3.0)

Go back to all versions of this package