| Issue: | |
|---|---|
| Date: | |
| Severity: | Medium |
| Requires Admin Access: | No |
| Fix Version: | 3 |
| Credit: | Isaac.nl |
| Description: | Scanning software (Acunetix) has reported a CRLF Injection vulnerability in the htmlpdf servlet. I have discussed this report with our Dotcms developers and they feel the report is correct and the problem is located in the Dotcms codebase. |
| Mitigation: | Unmap the htmlpdf servlet if it is not being used. If it is being used, update the code to sanitize the filename parameter. |
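
One way to sanitize the filename parameter as the mitigation describes, shown as an added example that is not dotCMS code. It assumes the value ends up in a `Content-Disposition` response header; the class name, method names, length limit and fallback name are hypothetical.

```java
public final class DownloadFilename {
    private static final int MAX_LEN = 100;                // assumed limit
    private static final String FALLBACK = "document.pdf"; // assumed default name

    private DownloadFilename() {}

    /** Keeps only [A-Za-z0-9._-], so CR, LF, quotes and other header metacharacters are dropped. */
    public static String sanitize(String raw) {
        if (raw == null) {
            return FALLBACK;
        }
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < raw.length() && out.length() < MAX_LEN; i++) {
            char c = raw.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
            if (allowed) {
                out.append(c);
            }
        }
        // A name made up entirely of rejected characters falls back to the default.
        return out.length() == 0 ? FALLBACK : out.toString();
    }

    /** Builds the header value from the sanitized name only, never from the raw parameter. */
    public static String contentDisposition(String rawFilename) {
        return "attachment; filename=\"" + sanitize(rawFilename) + "\"";
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal name, a name carrying CR/LF,
        // a name with no allowed characters, and a missing parameter.
        String[] samples = {"report.pdf", "report.pdf\r\nX-Injected: 1", "\r\n\"", null};
        for (String s : samples) {
            String header = contentDisposition(s);
            if (header.indexOf('\r') >= 0 || header.indexOf('\n') >= 0) {
                throw new IllegalStateException("CR/LF reached the header value");
            }
            System.out.println("Content-Disposition: " + header);
        }
    }
}
```

In a servlet, the value returned by `contentDisposition(request.getParameter("filename"))` is what would be passed to `response.setHeader("Content-Disposition", ...)`. An allowlist is used rather than stripping only `\r` and `\n`, so quotes and other separators cannot alter the header either.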