[Debian] High CVE: CVE-2022-2255: mod-wsgi: pass the X-Client-IP header to the target WSGI application
Bug #2021482 reported by Yue Tao
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | High | hqbai |
Bug Description
CVE-2022-2255: https:/
A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
Base Score: High
References:
https:/
['libapache2-
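The check the description says is missing, sketched as application-side WSGI middleware. This is an added example, not code from mod_wsgi or from this bug report; the class and function names, the trusted network 10.0.0.0/8, the two extra header names and the sample requests are assumptions.

```python
import ipaddress

# X-Client-IP is the header named in CVE-2022-2255; the other two are
# common equivalents included here as an assumption.
CLIENT_IP_KEYS = ("HTTP_X_CLIENT_IP", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP")


class StripUntrustedClientIP:
    """WSGI middleware: drop client-IP headers unless the peer is a trusted proxy."""

    def __init__(self, app, trusted_proxies):
        self.app = app
        self.trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        if not self._peer_is_trusted(environ):
            for key in CLIENT_IP_KEYS:
                environ.pop(key, None)
        return self.app(environ, start_response)


def client_ip_app(environ, start_response):
    """Toy application (constructed): returns the address it would log."""
    ip = environ.get("HTTP_X_CLIENT_IP", environ["REMOTE_ADDR"])
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [ip.encode()]


def call(app, environ):
    """Invoke a WSGI app on a copy of a constructed environ; return the body."""
    return b"".join(app(dict(environ), lambda status, headers: None)).decode()


# Constructed sample requests using documentation address ranges.
wrapped = StripUntrustedClientIP(client_ip_app, ["10.0.0.0/8"])
direct = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_CLIENT_IP": "192.0.2.10"}
proxied = {"REMOTE_ADDR": "10.0.0.5", "HTTP_X_CLIENT_IP": "198.51.100.20"}

if __name__ == "__main__":
    print(call(wrapped, direct))   # header stripped, peer address used
    print(call(wrapped, proxied))  # trusted proxy, header kept
```

The unwrapped `client_ip_app` returns the header value for the `direct` request, which is the behaviour the description attributes to the missing condition.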
CVE References
Changed in starlingx:
assignee: nobody → hqbai (hbai)
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/886236