Vulnerabilities

CVE-2023-45539

by Fred · 28/11/2023

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Date published : 2023-11-28

https://git.haproxy.org/?p=haproxy.git;a=commit;h=2eab6d354322932cfec2ed54de261e4347eca9a6

https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html

Similar

Tags: Cybersecurity Alert