CVE-2024-38479
trafficserver - security update
CVSS 3.1 score: 7.5 (HIGH)
EPSS: 0.57%
Description
Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
How to fix CVE-2024-38479
To remediate CVE-2024-38479, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 8.1.11+ds-0+deb11u2 or later
- upgrade to 8.1.11+ds-0+deb11u2 or later
Is CVE-2024-38479 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 8.1.11+ds-0+deb11u2
- from 0, < 8.1.11+ds-0+deb11u2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |