Additional Information: Impacted Versions: 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
Credit: This issue was discovered by GitHub's CodeQL code scanning service. On Mon, Oct 11, 2021 at 8:29 PM Eric Friedrich <fri...@apache.org> wrote: > Description: > > An authenticated Traffic Ops user with Portal-level privileges can send a > request with a specially-crafted email subject to the > /deliveryservices/request Traffic Ops endpoint to send an email, from the > Traffic Ops server, with an arbitrary body to an arbitrary email address. > >
