You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Stefan Eissing <ic...@apache.org> on 2022/06/08 09:43:44 UTC
CVE-2022-30522: Apache HTTP Server: mod_sed denial of service
Severity: low
Description:
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
Credit:
This issue was found by Brian Moussalli from the JFrog Security Research team
References:
https://httpd.apache.org/security/vulnerabilities_24.html