CVE-2020-17508

HIGH7.5EPSS 2.7%

trafficserver - security update

Published: 1/11/2021Modified: 4/28/2026

Description

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

Affected packages (2)

Debian/trafficserverfrom 0, < 8.1.1+ds-1
Debian/trafficserverfrom 0, < 8.0.2+ds-1+deb10u4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-17508