[Git][security-tracker-team/security-tracker][master] Apache mod_proxy HTTP2 request line injection

Paul Wise (@pabs) pabs at debian.org
Thu Aug 12 07:39:32 BST 2021



Paul Wise pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6a955125 by Paul Wise at 2021-08-12T14:39:22+08:00
Apache mod_proxy HTTP2 request line injection

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12256,8 +12256,10 @@ CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allow
 	NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ
 	NOTE: https://github.com/golang/go/issues/46288
 	TODO: check completeness
-CVE-2021-33193
+CVE-2021-33193 [Apache mod_proxy HTTP2 request line injection]
 	RESERVED
+	NOTE: https://portswigger.net/research/http2
+	NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c
 CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...)
 	NOT-FOR-US: Apache Jena Fuseki
 CVE-2021-33191



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a9551252e9556eec6349b021fa75c7f5aa51355

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a9551252e9556eec6349b021fa75c7f5aa51355
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210812/514b8d52/attachment.htm>


More information about the debian-security-tracker-commits mailing list