| Topic: | CRLF injection/HTTP response splitting affecting /calendar/set.php |
| Severity: | Serious |
| Versions affected: | 2.1 to 2.1.2+, 2.0 to 2.0.5+, 1.9 to 1.9.14+ |
| Reported by: | David Michael Evans, German Sanchez Garces |
| Issue no.: | MDL-29925 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=581e8dba387f090d89382115fd850d8b44351526 |
Description:
It was possible to take advantage of the structure of request headers to inject information for various nefarious purposes.