CVE-2024-38479

HIGH7.5EPSS 0.57%

trafficserver - security update

Published: 11/14/2024Modified: 4/28/2026

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Affected packages (2)

Debian/trafficserverfrom 0, < 8.1.11+ds-0+deb11u2
Debian/trafficserverfrom 0, < 8.1.11+ds-0+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-38479