Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bugzilla 输入验证漏洞
Vulnerability Description
Bugzilla是美国Mozilla基金会开发的一套开源的缺陷跟踪系统,它可管理软件开发中缺陷的提交(new)、修复(resolve)、关闭(close)等整个生命周期。 Bugzilla多个版本中存在输入验证漏洞,该漏洞源于没有拒绝新用户账户e-mail地址中的非ASCII字符编码。远程认证用户借助一个类似e-mail地址欺骗其他用户帐户。该漏洞存在于以下版本:Bugzilla 3.4.14版本之前的2.x与3.x版本,3.6.8版本之前的3.5.x与3.6.x版本,4.0.4版本之前的3.7.x与4.
CVSS Information
N/A
Vulnerability Type
N/A