diff --git a/cves/2024/38xxx/CVE-2024-38311.json b/cves/2024/38xxx/CVE-2024-38311.json new file mode 100644 index 00000000000..4d91b495458 --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38311.json @@ -0,0 +1,106 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38311", + "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "state": "PUBLISHED", + "assignerShortName": "apache", + "dateReserved": "2024-06-13T15:53:48.274Z", + "datePublished": "2025-03-06T11:34:16.289Z", + "dateUpdated": "2025-03-06T11:34:16.289Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Apache Traffic Server", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "8.1.11", + "status": "affected", + "version": "8.0.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "9.2.8", + "status": "affected", + "version": "9.0.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "10.0.3", + "status": "affected", + "version": "10.0.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "reporter", + "value": "Ben Kallus" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

Improper Input Validation vulnerability in Apache Traffic Server.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.

Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

" + } + ], + "value": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.\n\nUsers are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue." + } + ], + "metrics": [ + { + "other": { + "content": { + "text": "moderate" + }, + "type": "Textual description of severity" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-20", + "description": "CWE-20 Improper Input Validation", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "shortName": "apache", + "dateUpdated": "2025-03-06T11:34:16.289Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "Apache Traffic Server: Request smuggling via pipelining after a chunked message body", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + } + } +} \ No newline at end of file