This is an automated email from the ASF dual-hosted git repository. zrhoffman pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/trafficcontrol-website.git
commit 20ca818dbd619a61e0eecd00e6b6312e62b75993 Author: Zach Hoffman <[email protected]> AuthorDate: Mon Oct 11 18:24:24 2021 -0600 Add CVE-2021-42009 --- releases/index.html | 2 +- security/index.html | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/releases/index.html b/releases/index.html index 4e5caa6..5622daa 100644 --- a/releases/index.html +++ b/releases/index.html @@ -162,7 +162,7 @@ </p> <p class="card-text"><h6>Fixed</h6> <ul> - <li><strong><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li> + <li><strong><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009" rel="nofollow">CVE-2021-42009</a></strong>: Customer names in payloads sent to the <code>/deliveryservices/request</code> Traffic Ops API endpoint can no longer contain characters besides alphanumerics, @, !, #, $, %, ^, &, *, (, ), [, ], '.', ' ', and '-'. This fixes a vulnerability that allowed email content injection.</li> <li><a href="https://github.com/apache/trafficcontrol/issues/2471">#2471</a> - A PR check to ensure added db migration file is the latest.</li> <li><a href="https://github.com/apache/trafficcontrol/issues/5609">#5609</a> - Fixed GET /servercheck filter for an extra query param.</li> <li><a href="https://github.com/apache/trafficcontrol/issues/5954">#5954</a> - Traffic Ops HTTP response write errors are ignored</li> diff --git a/security/index.html b/security/index.html index ad7b9c4..91c5cfd 100644 --- a/security/index.html +++ b/security/index.html 
@@ -103,6 +103,8 @@ <div class="card-body"> <h4 class="card-title">Past Vulnerabilities</h4> <ul> + <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42009">CVE-2021-42009: Apache Traffic + Control Email Injection Vulnerability</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-17522">CVE-2020-17522: Apache Traffic Control Mid Tier Cache Manipulation Attack</a></li> <li><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-12405">CVE-2019-12405: Apache Traffic
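Review bot: In the releases/index.html hunk, the CVE-2021-42009 link on the changed <li> now targets cve.mitre.org, while the entry this same commit adds to security/index.html targets nvd.nist.gov, so the site points to two different sources for one CVE. Use one target on both pages, or say in the commit message why the release notes should differ; "Add CVE-2021-42009" does not mention the link change. Since the line is being touched anyway, the bare & in the allowed-character list ("^, &, *") should be written as &amp;amp; so the HTML stays valid.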
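Review bot: In the security/index.html hunk, the new "Past Vulnerabilities" item is only a link to the NVD record and gives no hint of which release carries the fix. Consider naming the fixed release in the link text or linking to the "Fixed" entry in releases/index.html, so a reader on the security page can tell whether their deployment is still exposed to the email injection issue without leaving the site.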
