CVE-2021-27577

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-27577
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27577.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-27577
Downstream
Published
2021-06-29T12:15:08Z
Modified
2025-09-19T12:44:29.902265Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
b14030656330ed623cd1f9efe2f4f9abd9d16e29
Last affected
3bb1ae9fa5c71b8e65cb782f402d8780b522693d
Introduced
6c1c6cf20e7d0e287d697a0f4181436013d17c30
Last affected
8e8bf8c583d55e46c4de34cccee0c4c5df83e979
Introduced
b310e3566f58dd04ec2b15b111ec86ea70e20019
Last affected
c71b082690599c6da5efe981175fcb9a1a961a1b

Affected versions

8.*

8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.1.0
8.1.0-rc0
8.1.1
8.1.1-rc0

9.*

9.0.0
9.0.0-rc1
9.0.1
9.0.1-rc0
9.0.1-rc1