{"id":"PYSEC-2019-7","details":"www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.","aliases":["CVE-2019-7313","GHSA-66x7-2r56-fj77"],"modified":"2026-06-10T17:00:39.466724525Z","published":"2019-02-03T08:29:00Z","references":[{"type":"WEB","url":"https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-66x7-2r56-fj77"}],"affected":[{"package":{"name":"buildbot","ecosystem":"PyPI","purl":"pkg:pypi/buildbot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.9.0"},{"fixed":"1.8.1"}]}],"versions":["0.9.0","0.9.0.post1","0.9.1","0.9.10","0.9.11","0.9.12","0.9.13","0.9.14","0.9.15","0.9.15.post1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","0.9.9.post1","0.9.9.post2","1.0.0","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","1.4.0","1.5.0","1.6.0","1.7.0","1.8.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/buildbot/PYSEC-2019-7.yaml"}}],"schema_version":"1.7.5"}