Due Date: ****
A medium severity vulnerability has been discovered in your project.
Project Name: acunetixapi
Scanner Name: trivy
Cwe ID: 1035
Cwe Name: Using Components with Known Vulnerabilities
Cwe Link: https://cwe.mitre.org/data/definitions/1035.html
CVE ID: CVE-2024-24791
Target: usr/local/bin/gosu
Packages:
- : 1.18.2 - Fixed Version: 1.21.12, 1.22.5
References:
Tool Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Custom Description: tests
Kondukto Link: http://localhost/projects/66c335db7de81b375832111f/vulns/appsec?page=1&perPage=15&id=in:66c5a4c19cdb9b659627418a
Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791