CVE-2020-10753

Name	CVE-2020-10753
Description	A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
References	DLA-2735-1
Debian Bugs	975300

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ceph (PTS)	buster	12.2.11+dfsg1-2.1	vulnerable
	bullseye	14.2.21-1	fixed
	bookworm, sid	16.2.11+ds-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
ceph	source	stretch	10.2.11-2+deb9u1		DLA-2735-1
ceph	source	(unstable)	14.2.15-1			975300

Notes

[buster] - ceph <no-dsa> (Minor issue)
[jessie] - ceph <no-dsa> (Minor issue)
https://github.com/ceph/ceph/pull/35773
Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2