VDB
DEBIAN-CVE-2021-39240
DEBIAN-CVE-2021-39240
PUBLISHED
CVSS 7.5 HIGH
An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | haproxy | 0, 0, 0 |
| Debian:12 | haproxy | 0, 0, 0 |
| Debian:13 | haproxy | 0, 0, 0 |
| Debian:11 | haproxy | 0, 2.2.9-2, 2.2.9-2 |
Timeline
- Aug 17, 2021 CVE Published
- Apr 28, 2026 CVE Updated