CVE-2021-39240 - Debian Debian Linux and Haproxy Haproxy
Critical 7.5
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.
Affected software
Debian Debian Linux
Haproxy Haproxy