CVE-2021-37148

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-37148

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37148.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37148

Downstream

DEBIAN-CVE-2021-37148

DSA-5153-1

UBUNTU-CVE-2021-37148

Published

2021-11-03T16:15:08Z

Modified

2025-09-19T13:07:31.143778Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b14030656330ed623cd1f9efe2f4f9abd9d16e29

Last affected

3bb1ae9fa5c71b8e65cb782f402d8780b522693d

Affected versions

9.*

9.0.0

9.0.0-rc1

9.0.1

9.0.1-rc0

9.0.1-rc1