CVE-2019-7617

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:elastic:apm_agent:*:*:*:*:*:python:*:*

Information

Published : 2019-08-22 10:15

Updated : 2019-10-09 16:52


NVD link : CVE-2019-7617

Mitre link : CVE-2019-7617


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

elastic

  • apm_agent