CVE-2022-40743

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-40743

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40743.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-40743

Downstream

UBUNTU-CVE-2022-40743

Published

2022-12-19T12:15:11Z

Modified

2025-07-29T10:41:11.006967Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

References

Affected packages

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.4+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b14030656330ed623cd1f9efe2f4f9abd9d16e29

Last affected

30e5bdb03dea1492caf569a1af57eef647ee076c

Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

b4393bc5aca5ac3b6f339722457a0ebd4dbf5517

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

8.0.6

8.0.6-rc0

8.0.6-rc1

8.1.0

8.1.0-rc0

8.1.1

8.1.1-rc0

8.1.2-rc0

8.1.3

8.1.3-rc0

8.1.3-rc1

8.1.4

8.1.4-rc0

8.1.5

8.1.5-rc0