CVE-2024-24990
- Source
- https://cve.org/CVERecord?id=CVE-2024-24990
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24990.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-24990
- Aliases
- Downstream
- Related
- Published
- 2024-02-14T17:15:15.713Z
- Modified
- 2026-05-18T05:55:36.661487773Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.
Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*", "cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*", "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "r30-NA" }, { "last_affected": "r30-p1" }, { "last_affected": "r31-NA" } ], "source": "CPE_FIELD", "vendor_product": "f5:nginx_plus" } ] }- References