INFSA-2024:8849: HAProxy security update
Information about definition
Identificator: INFSA-2024:8849
Type: security
Release date: 2024-11-12 06:42:04 UTC
Information about package
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Vulnerabilities description
- CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-45539
|
no information | 5.3 | no information |
Updated packages