Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-55754

Summary
Assigner-apache
Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At-27 Oct, 2025 | 17:29
Updated At-12 May, 2026 | 12:08
Rejected At-
Credits

Apache Tomcat: console manipulation via escape sequences in log messages

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:apache
Assigner Org ID:f0158376-9dc2-43b6-827c-5f631a4d8d09
Published At:27 Oct, 2025 | 17:29
Updated At:12 May, 2026 | 12:08
Rejected At:
â–¼CVE Numbering Authority (CNA)
Apache Tomcat: console manipulation via escape sequences in log messages

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

Affected Products
Vendor
The Apache Software FoundationApache Software Foundation
Product
Apache Tomcat
Default Status
unaffected
Versions
Affected
  • From 11.0.0-M1 through 11.0.10 (semver)
  • From 10.1.0-M1 through 10.1.44 (semver)
  • From 9.0.40 through 9.0.108 (semver)
  • From 8.5.60 through 8.5.100 (semver)

unknown

  • From 3 before 8.5.0 (semver)
  • From 10.0.0-M1 through 10.0.27 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-150CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
Type: CWE
CWE ID: CWE-150
Description: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Textual description of severity
text:
low
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Elysee Franchuk of MOBIA Technology Innovations
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
vendor-advisory
Hyperlink: https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2025/10/27/5
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2025/10/27/5
Resource: N/A
3.
Affected Products
Vendor
Siemens AGSiemens
Product
SIMATIC CN 4100
Default Status
unknown
Versions
Affected
  • From 0 before V5.0 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
N/A
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Resource: N/A
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@apache.org
Published At:27 Oct, 2025 | 18:15
Updated At:12 May, 2026 | 13:17

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a specially crafted URL to inject ANSI escape sequences to manipulate the console and the clipboard and attempt to trick an administrator into running an attacker controlled command. While no attack vector was found, it may have been possible to mount this attack on other operating systems. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.10, from 10.1.0-M1 through 10.1.44, from 9.0.40 through 9.0.108. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.60 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.11 or later, 10.1.45 or later or 9.0.109 or later, which fix the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.6CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches
The Apache Software Foundation
apache
>>tomcat>>Versions from 8.5.60(inclusive) to 8.5.100(inclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 9.0.40(inclusive) to 9.0.109(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 10.0.0(inclusive) to 10.0.27(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 10.1.0(inclusive) to 10.1.45(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>Versions from 11.0.0(inclusive) to 11.0.11(exclusive)
cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-150Secondarysecurity@apache.org
CWE ID: CWE-150
Type: Secondary
Source: security@apache.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqdsecurity@apache.org
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/27/5af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-032379.html0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
N/A
Hyperlink: https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd
Source: security@apache.org
Resource:
Mailing List
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2025/10/27/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/html/ssa-032379.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2023-43504
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.6||CRITICAL
EPSS-0.23% / 45.84%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 11:03
Updated-08 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-comosCOMOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-40943
Matching Score-8
Assigner-Siemens
ShareView Details
Matching Score-8
Assigner-Siemens
CVSS Score-9.4||CRITICAL
EPSS-0.06% / 17.57%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:07
Updated-12 May, 2026 | 08:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagnostics", to import a specially crafted trace file. The malicious trace file is insufficiently sanitized and malicious code could be executed in the clients browser session and trigger PLC operations via the webserver that the legitimate user is authorized to perform.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-1500 CPU 1513F-1 PNSIPLUS ET 200SP CPU 1512SP-1 PNSIPLUS S7-1500 CPU 1515F-2 PN RAILSIMATIC S7-1500 CPU S7-1518-4 PN/DP ODKSIMATIC S7-1500 CPU 1511TF-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V2SIMATIC S7-1500 CPU 1518-3 PNSIMATIC S7-1500 CPU 1518TF-4 PN/DPSIMATIC S7-1500 Software Controller CPU 1508S F V2SIPLUS S7-1500 CPU 1518-4 PN/DP MFPSIPLUS S7-1500 CPU 1511-1 PN TX RAILSIMATIC S7-1500 CPU 1517-3 PN/DPSIMATIC S7-1500 CPU 1512C-1 PNSIMATIC S7-1500 CPU 1517F-3 PNSIMATIC S7-1500 CPU 1518T-3 PNSIPLUS ET 200SP CPU 1512SP-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1508S F V4SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Industrial OSSIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 Software Controller CPU 1507S V3SIMATIC S7-1500 CPU 1511-1 PNSIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1500 CPU 1516TF-3 PNSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 CPU 1515T-2 PNSIMATIC S7-1500 Software Controller CPU 1508S TF V3SIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 Software Controller CPU 1507S V4SIMATIC S7-1500 Software Controller CPU 1508S F V3SIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)SIPLUS ET 200SP CPU 1510SP-1 PN RAILSIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V3 CPUs - Windows OSSIPLUS S7-1500 CPU 1515F-2 PN T2 RAILSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSIMATIC S7-PLCSIM AdvancedSIPLUS S7-1500 CPU 1516F-3 PN/DPSIMATIC S7-1500 CPU 1517-3 PNSIMATIC S7-1500 CPU 1513-1 PNSIMATIC ET 200SP CPU 1514SP-2 PNSIMATIC S7-1500 CPU 1517T-3 PNSIMATIC ET 200SP CPU 1514SPT-2 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PNSIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODKSIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PNSIMATIC S7-1500 CPU 1518TF-3 PNSIMATIC S7-1500 Software Controller CPU 1507S F V3SIMATIC ET 200SP CPU 1514SPT F-2 PNSIMATIC S7-1500 CPU 1518F-4 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PN RAILSIMATIC S7-1500 Software Controller CPU 1507S F V2SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) V2 CPUs - Windows OSSIMATIC S7-1500 CPU 1517TF-3 PN/DPSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1500 CPU 1511-1 PNSIMATIC S7-1500 Software Controller CPU 1508S V3SIMATIC Drive Controller CPU 1504D TFSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC ET 200SP CPU 1514SP F-2 PNSIMATIC S7-1500 CPU 1516TF-3 PN/DPSIPLUS S7-1500 CPU 1516-3 PN/DP RAILSIMATIC S7-1500 CPU 1511T-1 PNSIMATIC S7-1500 Software Controller CPU 1508S T V3SIMATIC S7-1500 CPU 1516pro F-2 PNSIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PNSIMATIC S7-1500 CPU 1515TF-2 PNSIMATIC S7-1500 CPU 1518T-4 PN/DPSIPLUS S7-1500 CPU 1515F-2 PNSIPLUS S7-1500 CPU 1516-3 PN/DPSIPLUS ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1516-3 PN/DP TX RAILSIMATIC S7-1500 Software Controller CPU 1508S V4SIMATIC S7-1500 CPU 1517F-3 PN/DPSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-1500 Software Controller Linux V3SIMATIC S7-1500 CPU 1518F-3 PNSIMATIC ET 200SP Open Controller CPU 1515SP PC3 V4 CPUsSIMATIC S7-1500 CPU 1515F-2 PNSIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PNSIMATIC S7-1500 CPU 1516pro-2 PNSIMATIC S7-1500 CPU 1518-4 PN/DPSIMATIC S7-1500 CPU 1517T-3 PN/DPSIMATIC S7-1500 CPU 1516T-3 PN/DPSIMATIC ET 200SP CPU 1510SP F-1 PNSIPLUS S7-1500 CPU 1518-4 PN/DPSIPLUS ET 200SP CPU 1510SP-1 PNSIMATIC S7-1500 Software Controller Linux V2SIMATIC Drive Controller CPU 1507D TFSIMATIC S7-1500 CPU 1513pro-2 PNSIMATIC S7-1500 CPU 1516-3 PN/DPSIPLUS S7-1500 CPU 1518F-4 PN/DPSIMATIC S7-1500 CPU 1516T-3 PNSIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1500 Software Controller CPU 1508S V2SIPLUS S7-1500 CPU 1516F-3 PN/DP RAILSIMATIC S7-1500 Software Controller CPU 1507S F V4SIPLUS S7-1500 CPU 1511-1 PN T1 RAILSIMATIC S7-1500 CPU 1511C-1 PNSIPLUS ET 200SP CPU 1512SP F-1 PN RAILSIMATIC S7-1500 CPU 1517TF-3 PNSIMATIC S7-1500 CPU 1513pro F-2 PNSIMATIC ET 200SP CPU 1512SP-1 PN
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2024-28085
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.3||LOW
EPSS-11.20% / 93.60%
||
7 Day CHG+0.26%
Published-27 Mar, 2024 | 00:00
Updated-12 May, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.

Action-Not Available
Vendor-n/akernelDebian GNU/LinuxSiemens AGLinux Kernel Organization, Inc
Product-debian_linuxutil-linuxn/aSIPLUS S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1400SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPRUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX1512RUGGEDCOM ROX RX1501RUGGEDCOM ROX MX5000RESIMATIC S7-1500 CPU 1518-4 PN/DP MFPRUGGEDCOM ROX RX5000RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1510util-linuxRUGGEDCOM ROX RX1511
CWE ID-CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CVE-2024-47252
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.65% / 71.10%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:55
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: mod_ssl error log variable escaping

Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to log variables provided by mod_ssl such as SSL_TLS_SNI, no escaping is performed by either mod_log_config or mod_ssl and unsanitized data provided by the client may appear in log files.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CVE-2025-65082
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.34%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 10:46
Updated-10 Dec, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache HTTP Server: CGI environment variable override

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through 2.4.65. Users are recommended to upgrade to version 2.4.66 which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CWE ID-CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CVE-2024-32986
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 09:58
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Arbitrary code execution due to improper sanitization of web app properties in PWAsForFirefox

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and `AppInfo.ini` (on PortableApps.com). This allowed malicious web apps to introduce keys like `Exec`, which could run arbitrary code when the affected web app was launched. This vulnerability affects all Linux and PortableApps.com users of all PWAsForFirefox versions up to (excluding) 2.12.0. Windows and macOS users are not affected. This vulnerability has been fixed in commit `9932d4b` which has been included in release in v2.12.0. The main fix is implemented in the native part, but the extension also contains additional fixes. All Linux and PortableApps.com users are advised to update to this version as soon as possible. It is also recommended for Windows and macOS users to update to this version, as it contains additional fixes related to properties sanitization. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-filips123filips123
Product-PWAsForFirefoxPWAsForFirefox
CWE ID-CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Details not found