Apache · Apache Traffic Server · CVE-2022-25763
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Server versions 8.0.0 through 9.1.2
**Description**
The issue is related to an Improper Input Validation vulnerability in the HTTP/2 request validation of Apache Traffic Server. This allows an attacker to create smuggle or cache poison attacks.
**Recommendations**
For Apache Traffic Server versions 8.0.0 through 9.1.2, update to a version that includes the fix for this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.