haproxytech / vmware-haproxy

Apache License 2.0

Security Issue CVE-2021-40346 #19

Closed roozbehr66 closed 3 years ago

roozbehr66 commented 3 years ago

Is this repo release also affected by this security issue?

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

https://nvd.nist.gov/vuln/detail/CVE-2021-40346

roozbehr66 commented 3 years ago

Yes, it is. The version inside the package is one of the HAProxy versions with the announced security issue.