CVE-2021-35368

Опубликовано: 05 нояб. 2021

Источник: debian

Описание

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
modsecurity-crs	fixed	3.3.2-1		package
modsecurity-crs	fixed	3.3.0-1+deb11u1	bullseye	package
modsecurity-crs	fixed	3.1.0-1+deb10u2	buster	package
modsecurity-crs	no-dsa		stretch	package

Примечания

https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
https://github.com/coreruleset/coreruleset/pull/2143
https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev)
Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2)

Связанные уязвимости

CVE-2021-35368

CVSS3: 9.8

ubuntu

больше 4 лет назад

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

CVE-2021-35368

CVSS3: 9.8

nvd

больше 4 лет назад

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

GHSA-2xw7-44j9-24rv

CVSS3: 9.8

github

больше 3 лет назад

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.