CVE-2023-30631

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-30631
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30631.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-30631
Downstream
Published
2023-06-14T07:44:55.149Z
Modified
2026-06-18T03:55:43.647531230Z
Summary
Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work
Details

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.pushmethodenabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.

8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30631.json",
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "9.2.0"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "fixed": "9.2.0"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
b310e3566f58dd04ec2b15b111ec86ea70e20019
Fixed
005a6ce785df717b2bf565dc07b66b4f918c024c
Introduced
b14030656330ed623cd1f9efe2f4f9abd9d16e29
Fixed
c0402b7f021092a8fef885d78ec2608a8bd3f375
Database specific 
{
    "extracted_events": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.1.7"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.2.1"
        }
    ],
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
}

Affected versions

8.*
8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.1.0
8.1.0-rc0
8.1.1
8.1.1-rc0
8.1.2-rc0
8.1.3
8.1.3-rc0
8.1.3-rc1
8.1.4
8.1.4-rc0
8.1.5
8.1.5-rc0
8.1.6
8.1.6-rc0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30631.json"