CVE-2014-1546

Priority
Description
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm
in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x
before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts
certain long callback values and does not restrict the initial bytes of a
JSONP response, which allows remote attackers to conduct cross-site request
forgery (CSRF) attacks, and obtain sensitive information, via a crafted
OBJECT element with SWF content consistent with the _bz_callback character
set.
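Added illustration, not Bugzilla's own code: a minimal JSONP responder in Python showing why a character-set check on the callback alone does not stop the attack described above (a Rosetta Flash-style callback is purely alphanumeric, so it satisfies such a check), and the two mitigations that do: a length cap on the callback and a fixed prefix on the response so its initial bytes are never attacker-controlled. The function names, the regex, the length limit and the sample callback are all assumptions constructed for this example; the exact checks in Bugzilla's fix are not reproduced here.

```python
import json
import re

# Callback syntax allowed: a dotted chain of JavaScript identifiers such as
# "jQuery.cb_123".  This stands in for the kind of character-set check the
# CVE text refers to; the exact Bugzilla rule is not reproduced (assumption).
CALLBACK_RE = re.compile(r"^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$")

# Upper bound on callback length (assumed value; the point is that a real
# callback is short, while a callback that doubles as an SWF is not).
MAX_CALLBACK_LEN = 64

# Constructed stand-in for a Rosetta Flash-style callback: entirely
# alphanumeric, so it passes the character-set check, and it begins with the
# "CWS" magic of a compressed SWF.  A real payload would also have to be a
# valid zlib stream; only the leading bytes matter for this demonstration.
ROSETTA_STYLE_CALLBACK = "CWS" + "A" * 200


def looks_like_swf(body: bytes) -> bool:
    """True if the response body starts with an SWF file signature."""
    return body[:3] in (b"FWS", b"CWS", b"ZWS")


def jsonp_vulnerable(callback: str, payload: dict) -> bytes:
    """Character-set check only; the callback is echoed as the very first
    bytes of the body.  A callback that is itself an SWF therefore makes the
    response loadable as Flash from an attacker's page, with the victim's
    cookies attached to the request."""
    if not CALLBACK_RE.match(callback):
        raise ValueError("invalid JSONP callback")
    return f"{callback}({json.dumps(payload)})".encode()


def callback_accepted(callback: str) -> bool:
    """Hardened policy: character set AND a length cap."""
    return len(callback) <= MAX_CALLBACK_LEN and bool(CALLBACK_RE.match(callback))


def jsonp_hardened(callback: str, payload: dict) -> bytes:
    """Reject over-long callbacks and, for the ones that remain, emit a fixed
    prefix so the first bytes of the response are never caller-controlled.
    "/**/" is an empty JavaScript comment, so a browser executing the script
    is unaffected, but the body can no longer start with CWS/FWS/ZWS."""
    if not callback_accepted(callback):
        raise ValueError("invalid JSONP callback")
    return f"/**/{callback}({json.dumps(payload)});".encode()


if __name__ == "__main__":
    data = {"ok": True}
    # Charset check passes, response starts with attacker bytes: True
    print(looks_like_swf(jsonp_vulnerable(ROSETTA_STYLE_CALLBACK, data)))
    # Short "CWS..." callback still passes the charset check, but the fixed
    # prefix means the body no longer carries an SWF signature: False
    print(looks_like_swf(jsonp_hardened("CWSab", data)))
```

The prefix is the check that actually defeats the magic-byte trick; the length cap is defence in depth and also removes the obvious oversized-callback signal that a Rosetta Flash payload produces.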
Notes
jdstrand> 3.2 not-affected
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE
More Information

Updated: 2020-09-10 02:56:21 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)