CVE-2024-49214

Published October 14th, 2024

View on NVD ↗

CVSS v3

5.3

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

haproxy/haproxy

HAProxy Load Balancer's development branch (mirror of git.haproxy.org)

GitHub

6.65K