ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
A CVE was published on October 9 2024:
CVE-2024-46292
We wrote a blog post where we try to summarize what happened:
https://modsecurity.org/20241011/about-cve-2024-46292-2024-october/
If you have any question or want to discuss anything you can ask here.