CVE-2023-45539

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45539

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45539.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45539

Aliases

BIT-haproxy-2023-45539

Related

Published

2023-11-28T20:15:07Z

Modified

2024-08-01T05:23:14.178666Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

References

Affected packages

Git / github.com/haproxy/haproxy

Affected ranges

Type: GIT
Repo: https://github.com/haproxy/haproxy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0f29b34e0a06cdd59ae2278d33c16f63ca435468

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.20

v1.1.21

v1.1.22

v1.1.23

v1.1.24

v1.1.25

v1.1.26

v1.1.27

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.2.0

v1.2.1

v1.2.1-pre1

v1.2.1-pre2

v1.2.1-pre3

v1.2.10

v1.2.10.1

v1.2.11

v1.2.11.1

v1.2.12

v1.2.13

v1.2.13.1

v1.2.14

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.5-pre1

v1.2.5-pre2

v1.2.5-pre3

v1.2.5-pre4

v1.2.5.1

v1.2.5.2

v1.2.6

v1.2.6-pre4

v1.2.6-pre5

v1.2.7

v1.2.7.1

v1.2.7rc

v1.2.8

v1.2.9

v1.3.0

v1.3.1

v1.3.10

v1.3.10.1

v1.3.10.2

v1.3.11

v1.3.11.1

v1.3.11.2

v1.3.11.3

v1.3.11.4

v1.3.12

v1.3.13

v1.3.14

v1.3.15

v1.3.16

v1.3.16-rc1

v1.3.16-rc2

v1.3.17

v1.3.18

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.6.1

v1.3.7

v1.3.8

v1.3.8.1

v1.3.8.2

v1.3.9

v1.4-dev0

v1.4-dev1

v1.4-dev2

v1.4-dev3

v1.4-dev4

v1.4-dev5

v1.4-dev6

v1.4-dev7

v1.4-dev8

v1.4-rc1

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.5-dev10

v1.5-dev12

v1.5-dev13

v1.5-dev14

v1.5-dev15

v1.5-dev16

v1.5-dev17

v1.5-dev18

v1.5-dev19

v1.5-dev20

v1.5-dev21

v1.5-dev22

v1.5-dev23

v1.5-dev24

v1.5-dev25

v1.5-dev26

v1.5-dev8

v1.5-dev9

v1.5.0

v1.6-dev0

v1.6-dev1

v1.6-dev2

v1.6-dev3

v1.6-dev4

v1.6-dev5

v1.6-dev6

v1.6-dev7

v1.6.0

v1.7-dev0

v1.7-dev1

v1.7-dev2

v1.7-dev3

v1.7-dev4

v1.7-dev5

v1.7-dev6

v1.7.0

v1.8-dev0

v1.8-dev1

v1.8-dev2

v1.8-dev3

v1.8-rc1

v1.8-rc2

v1.8-rc3

v1.8-rc4

v1.8.0

v1.9-dev0

v1.9-dev1

v1.9-dev10

v1.9-dev11

v1.9-dev2

v1.9-dev3

v1.9-dev4

v1.9-dev5

v1.9-dev6

v1.9-dev7

v1.9-dev8

v1.9-dev9

v1.9.0

v2.*

v2.0-dev0

v2.0-dev1

v2.0-dev2

v2.0-dev3

v2.0-dev4

v2.0-dev5

v2.0-dev6

v2.0-dev7

v2.0.0

v2.1-dev0

v2.1-dev1

v2.1-dev2

v2.1-dev3

v2.1-dev4

v2.1-dev5

v2.1.0

v2.2-dev0

v2.2-dev1

v2.2-dev10

v2.2-dev11

v2.2-dev12

v2.2-dev2

v2.2-dev3

v2.2-dev4

v2.2-dev5

v2.2-dev6

v2.2-dev7

v2.2-dev8

v2.2-dev9

v2.2.0

v2.3-dev0

v2.3-dev1

v2.3-dev2

v2.3-dev3

v2.3-dev4

v2.3-dev5

v2.3-dev6

v2.3-dev7

v2.3-dev8

v2.3-dev9

v2.3.0

v2.4-dev0

v2.4-dev1

v2.4-dev10

v2.4-dev11

v2.4-dev12

v2.4-dev13

v2.4-dev14

v2.4-dev15

v2.4-dev16

v2.4-dev17

v2.4-dev18

v2.4-dev19

v2.4-dev2

v2.4-dev3

v2.4-dev4

v2.4-dev5

v2.4-dev6

v2.4-dev7

v2.4-dev8

v2.4-dev9

v2.4.0

v2.5-dev0

v2.5-dev1

v2.5-dev10

v2.5-dev11

v2.5-dev12

v2.5-dev13

v2.5-dev14

v2.5-dev15

v2.5-dev2

v2.5-dev3

v2.5-dev4

v2.5-dev5

v2.5-dev6

v2.5-dev7

v2.5-dev8

v2.5-dev9

v2.5.0

v2.6-dev0

v2.6-dev1

v2.6-dev10

v2.6-dev11

v2.6-dev12

v2.6-dev2

v2.6-dev3

v2.6-dev4

v2.6-dev5

v2.6-dev6

v2.6-dev7

v2.6-dev8

v2.6-dev9

v2.6.0

v2.7-dev0

v2.7-dev1

v2.7-dev10

v2.7-dev2

v2.7-dev3

v2.7-dev4

v2.7-dev5

v2.7-dev6

v2.7-dev7

v2.7-dev8

v2.7-dev9

v2.7.0

v2.8-dev0

v2.8-dev1