CVE-2021-37150

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-37150

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37150.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37150

Related

Published

2022-08-10T06:15:08Z

Modified

2024-10-12T07:55:07.826519Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

References

Affected packages

Debian:11 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.5+ds-1~deb11u1

Affected versions

8.*

8.1.1+ds-1.1

8.1.1+ds-1.1+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.3+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

965df952e1da3e5039473db8cf219cf9ef285a93

Introduced

b14030656330ed623cd1f9efe2f4f9abd9d16e29

Last affected

cb7eda60dc8c2068afd458fd20a8dd6232887f0d

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

8.0.6

8.0.6-rc0

8.0.6-rc1

8.1.0

8.1.0-rc0

8.1.1

8.1.1-rc0

8.1.2-rc0

8.1.3

8.1.3-rc0

8.1.3-rc1

8.1.4

8.1.4-rc0