CVE-2021-40346

Published September 8th, 2021

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

haproxy/haproxy

HAProxy Load Balancer's development branch (mirror of git.haproxy.org)

GitHub

6.65K