pkg:Bitnami/modsecurity2

15 total CVEs: HIGH 13, MEDIUM 2

All known vulnerabilities

  • HIGH 8.6 CVE-2024-1019: WAF bypass of the ModSecurity v3 release line
    >= 3.0.0
  • HIGH 7.5 CVE-2026-42268: ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators
    >= 3.0.0, < 3.0.15
  • HIGH 7.5 CVE-2026-30923: libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings
    from 0, < 3.0.15
  • HIGH 7.5 CVE-2024-46292: A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name par…
    >= 3.0.12, <= 3.0.12
  • HIGH 7.5 CVE-2025-48866: ModSecurity has possible DoS vulnerability in sanitiseArg action
    from 0, < 2.9.10
  • HIGH 7.5 CVE-2025-47947: ModSecurity Has Possible DoS Vulnerability
    from 0, < 2.9.9
  • HIGH 7.5 CVE-2025-27110: Libmodsecurity3 has possible bypass of encoded HTML entities
    >= 3.0.13
  • HIGH 7.5 CVE-2023-38285: Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.
    >= 3.0.0, < 3.0.10
  • HIGH 7.5 CVE-2023-28882: Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs c…
    >= 3.0.5, < 3.0.9
  • HIGH 7.5 CVE-2023-24021: Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer ove…
    from 0, < 2.9.7
  • HIGH 7.5 CVE-2022-48279: modsecurity-apache - security update
    from 0, < 2.9.6
  • HIGH 7.5 CVE-2021-42717: modsecurity-apache - security update
    >= 2.0.0, < 2.9.5
  • HIGH 7.5 CVE-2020-15598: modsecurity - security update
    >= 3.0.0, < 3.0.5
  • MEDIUM 6.5 CVE-2025-52891: ModSecurity empty XML tag causes segmentation fault
    >= 2.9.8, < 2.9.11
  • MEDIUM 6.1 CVE-2025-54571: ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure
    from 0, < 2.9.12