
Bug 923858 (CVE-2024-1019)

Summary: dev-libs/modsecurity: WAF bypass
Product: Gentoo Security
Reporter: Tomáš Mózes <hydrapolic>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: normal
CC: hydrapolic, proxy-maint
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: B4 [glsa? cleanup]
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 923857    
Bug Blocks:    

Description Tomáš Mózes 2024-02-06 04:55:31 UTC
https://nvd.nist.gov/vuln/detail/CVE-2024-1019

https://github.com/owasp-modsecurity/ModSecurity/releases/tag/v3.0.12
Security impacting issue
  WAF bypass of the ModSecurity v3 release line for path-based payloads by submitting a specially crafted request URL. For details, see CVE 2024-1019.