Vulnerability Information
Vulnerability Title
Vikunja has an iCalendar Property Injection via CRLF in CalDAV Task Output
Vulnerability Description
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the iCalendar property boundary, allowing injection of arbitrary iCalendar properties such as ATTACH, VALARM, or ORGANIZER. This vulnerability is fixed in 2.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
Improper Neutralization of CRLF Sequences (CRLF Injection)
Vulnerability Title
Vikunja Injection Vulnerability
Vulnerability Description
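Vikunja is an open-source to-do application from Vikunja. Versions of Vikunja prior to 2.3.0 contain an injection vulnerability. It stems from the CalDAV output generator building iCalendar entries through raw string concatenation without applying RFC 5545 TEXT value escaping, which may allow arbitrary iCalendar properties to be injected through a user-controlled title.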
CVSS Information
N/A
Vulnerability Type
N/A