Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

Published

2022-12-19T12:15:11.040

Last Modified

2025-04-17T15:15:47.180

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	traffic_server	≤ 8.1.5	Yes
Application	apache	traffic_server	≤ 9.1.3	Yes

References

https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)