Описание
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
EPSS
Процентиль: 0%
0.00003
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 6.5
debian
2 дня назад
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (defa ...
CVSS3: 6.5
github
2 дня назад
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
EPSS
Процентиль: 0%
0.00003
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-863