CVE-2021-39242 - Debian Debian Linux and Haproxy Haproxy

Critical 7.5

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

Affected software

Debian Debian Linux

Haproxy Haproxy

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.