CVE-2024-40632
Linkerd potential access to the shutdown endpoint in github.com/linkerd/linkerd2
EPSS 0.09%
Description
Linkerd potential access to the shutdown endpoint in github.com/linkerd/linkerd2
How to fix CVE-2024-40632
To remediate CVE-2024-40632, upgrade the affected package to a fixed version below.
- Go/github.com/linkerd/linkerd2: upgrade to 0.5.1-0.20240614165515-35fb2d6d11ef or later
Is CVE-2024-40632 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Go/github.com/linkerd/linkerd2: from 0, < 0.5.1-0.20240614165515-35fb2d6d11ef
References (4)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2024-40632
- PATCH: github.com/linkerd/linkerd2/commit/35fb2d6d11ef6520ae516dd717790529f85224fa
- WEB: github.com/linkerd/linkerd2-proxy/blob/46957de49f25fd4661af7b7c52659148f4d6dd27/linkerd/app/admin/src/server.rs
- WEB: github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7