BIT-haproxy-2025-11230

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/haproxy/BIT-haproxy-2025-11230.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-haproxy-2025-11230
Aliases
Published
2025-12-20T11:38:08.173Z
Modified
2025-12-20T12:26:16.327953Z
Summary
Denial of service vulnerability in HAProxy mjson library
Details

Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:haproxy:haproxy:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / haproxy

Package

Name
haproxy
Purl
pkg:bitnami/haproxy

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.4.0
Fixed
2.4.30
Introduced
2.6.0
Fixed
2.6.23
Introduced
2.8.0
Fixed
2.8.16
Introduced
3.0.0
Fixed
3.0.12
Introduced
3.1.0
Fixed
3.1.9
Introduced
3.2.0
Fixed
3.2.6

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/haproxy/BIT-haproxy-2025-11230.json"