CVE-2024-40632

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40632
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40632.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-40632
Aliases
Published
2024-07-15T22:15:03Z
Modified
2024-10-08T04:27:02.677182Z
Summary
[none]
Details

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions, when the application being run by Linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2, and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/linkerd/linkerd2

Affected ranges

Type
GIT
Repo
https://github.com/linkerd/linkerd2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

edge-18.*

edge-18.10.1
edge-18.10.2
edge-18.10.3
edge-18.10.4
edge-18.11.1
edge-18.11.2
edge-18.11.3
edge-18.12.1
edge-18.12.2
edge-18.12.3
edge-18.12.4
edge-18.9.2
edge-18.9.3

edge-19.*

edge-19.1.1
edge-19.1.2
edge-19.1.3
edge-19.1.4
edge-19.10.1
edge-19.10.2
edge-19.10.3
edge-19.10.4
edge-19.10.5
edge-19.11.1
edge-19.11.2
edge-19.11.3
edge-19.12.1
edge-19.12.2
edge-19.12.3
edge-19.2.1
edge-19.2.2
edge-19.2.3
edge-19.2.4
edge-19.2.5
edge-19.3.1
edge-19.3.2
edge-19.3.3
edge-19.4.1
edge-19.4.2
edge-19.4.3
edge-19.4.4
edge-19.4.5
edge-19.5.1
edge-19.5.2
edge-19.5.3
edge-19.5.4
edge-19.6.1
edge-19.6.13
edge-19.6.2
edge-19.6.3
edge-19.6.4
edge-19.7.1
edge-19.7.2
edge-19.7.3
edge-19.7.4
edge-19.7.5
edge-19.8.1
edge-19.8.2
edge-19.8.3
edge-19.8.4
edge-19.8.5
edge-19.8.6
edge-19.8.7
edge-19.9.1
edge-19.9.2
edge-19.9.3
edge-19.9.4
edge-19.9.5

edge-20.*

edge-20.1.1
edge-20.1.2
edge-20.1.3
edge-20.1.4
edge-20.10.1
edge-20.10.2
edge-20.10.3
edge-20.10.4
edge-20.10.5
edge-20.10.6
edge-20.11.1
edge-20.11.2
edge-20.11.3
edge-20.11.4
edge-20.11.5
edge-20.12.1
edge-20.12.2
edge-20.12.3
edge-20.12.4
edge-20.2.1
edge-20.2.2
edge-20.2.3
edge-20.3.1
edge-20.3.2
edge-20.3.3
edge-20.3.4
edge-20.4.1
edge-20.4.2
edge-20.4.3
edge-20.4.4
edge-20.4.5
edge-20.5.1
edge-20.5.2
edge-20.5.3
edge-20.5.4
edge-20.5.5
edge-20.6.1
edge-20.6.2
edge-20.6.3
edge-20.6.4
edge-20.7.1
edge-20.7.2
edge-20.7.3
edge-20.7.4
edge-20.7.5
edge-20.8.1
edge-20.8.2
edge-20.8.3
edge-20.8.4
edge-20.9.1
edge-20.9.2
edge-20.9.3
edge-20.9.4

edge-21.*

edge-21.1.1
edge-21.1.2
edge-21.1.3
edge-21.1.4
edge-21.10.1
edge-21.10.2
edge-21.10.3
edge-21.11.1
edge-21.11.2
edge-21.11.3
edge-21.11.4
edge-21.12.1
edge-21.12.2
edge-21.12.3
edge-21.12.4
edge-21.2.1
edge-21.2.2
edge-21.2.3
edge-21.2.4
edge-21.3.1
edge-21.3.2
edge-21.3.3
edge-21.3.4
edge-21.4.1
edge-21.4.2
edge-21.4.3
edge-21.4.4
edge-21.4.5
edge-21.5.1
edge-21.5.2
edge-21.5.3
edge-21.6.1
edge-21.6.2
edge-21.6.3
edge-21.6.4
edge-21.6.5
edge-21.7.1
edge-21.7.2
edge-21.7.3
edge-21.7.4
edge-21.7.5
edge-21.8.1
edge-21.8.2
edge-21.8.3
edge-21.8.4
edge-21.9.2
edge-21.9.3
edge-21.9.4
edge-21.9.5

edge-22.*

edge-22.1.1
edge-22.1.2
edge-22.1.3
edge-22.1.4
edge-22.1.5
edge-22.10.1
edge-22.10.2
edge-22.10.3
edge-22.11.1
edge-22.11.2
edge-22.11.3
edge-22.12.1
edge-22.2.1
edge-22.2.2
edge-22.2.3
edge-22.2.4
edge-22.3.1
edge-22.3.2
edge-22.3.3
edge-22.3.4
edge-22.3.5
edge-22.4.1
edge-22.5.1
edge-22.5.2
edge-22.5.3
edge-22.6.1
edge-22.6.2
edge-22.7.1
edge-22.7.2
edge-22.7.3
edge-22.8.1
edge-22.8.2
edge-22.8.3
edge-22.9.1
edge-22.9.2

edge-23.*

edge-23.1.1
edge-23.1.2
edge-23.10.1
edge-23.10.2
edge-23.10.3
edge-23.10.4
edge-23.11.1
edge-23.11.2
edge-23.11.3
edge-23.11.4
edge-23.12.1
edge-23.12.2
edge-23.12.3
edge-23.12.4
edge-23.2.1
edge-23.2.2
edge-23.2.3
edge-23.3.1
edge-23.3.2
edge-23.3.3
edge-23.3.4
edge-23.4.1
edge-23.4.2
edge-23.4.3
edge-23.5.1
edge-23.5.2
edge-23.5.3
edge-23.6.1
edge-23.6.2
edge-23.6.3
edge-23.7.1
edge-23.7.2
edge-23.7.3
edge-23.8.1
edge-23.8.2
edge-23.8.3
edge-23.9.1
edge-23.9.2
edge-23.9.3
edge-23.9.4

edge-24.*

edge-24.1.1
edge-24.1.2
edge-24.1.3
edge-24.2.1
edge-24.2.2
edge-24.2.3
edge-24.2.4
edge-24.2.5
edge-24.3.1
edge-24.3.2
edge-24.3.3
edge-24.3.4
edge-24.3.5
edge-24.4.1
edge-24.4.2
edge-24.4.3
edge-24.4.4
edge-24.4.5
edge-24.5.1
edge-24.5.2
edge-24.5.3
edge-24.5.4
edge-24.5.5
edge-24.6.1

stable-2.*

stable-2.0.0
stable-2.1.0
stable-2.10.0
stable-2.10.1
stable-2.11.0
stable-2.12.0
stable-2.12.0-rc2
stable-2.12.1
stable-2.13.0
stable-2.13.1
stable-2.14.0
stable-2.2.0
stable-2.3.0
stable-2.4.0
stable-2.5.0
stable-2.6.0
stable-2.7.0
stable-2.8.0
stable-2.8.1
stable-2.9.0

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0

v18.*

v18.7.1
v18.7.2
v18.7.3
v18.8.1
v18.8.2
v18.8.3
v18.8.4
v18.9.1

version-2.*

version-2.15