Description
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
Remediation
References
Related Vulnerabilities
ReviveAdserver Deserialization of Untrusted Data Vulnerability (CVE-2017-5830)
MySQL CVE-2018-2787 Vulnerability (CVE-2018-2787)
WordPress Plugin Feed Them Gallery Cross-Site Scripting (1.1.8)
WordPress 3.0.1 Multiple Vulnerabilities (0.6.2 - 3.0.1)
Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032)