CVE-2022-40743
6.1
MEDIUM
CVSS 3.1
EPSS 19.3%
Description
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.
How to fix CVE-2022-40743
To remediate CVE-2022-40743, upgrade the affected package to a fixed version below.
- Debian/trafficserver: upgrade to 9.1.4+ds-1 or later
Is CVE-2022-40743 being exploited?
Moderate — EPSS is 19.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 9.1.4+ds-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |