CVE-2021-39240 vulnerability in HAProxy and Other Products
Published on August 17, 2021

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field (as observed on a target HTTP/2 server) might differ from what the routing rules were intended to achieve.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2021-39240

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-39240 are published in these products:

HAProxy

Debian Linux

Fedora Project Fedora

Exploit Probability

EPSS

0.07%

Percentile

20.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-39240 vulnerability in HAProxy and Other ProductsPublished on August 17, 2021

Products Associated with CVE-2021-39240

Exploit Probability

CVE-2021-39240 vulnerability in HAProxy and Other Products
Published on August 17, 2021