PT-2019-18669 · Elastic · Apm Agent For Python
Published: 2019-08-22 · Updated: 2022-05-24 · CVE-2019-7617
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Elastic APM agent for Python versions prior to 5.1.0
Description
When the Elastic APM agent for Python is run as a CGI script, a remote attacker who can control the proxy header can trigger a variable name clash flaw. This flaw could allow an attacker to redirect collected APM data to a proxy of their choosing.
Recommendations
For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the proxy header to minimize the risk of exploitation.
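The following sketch of the temporary workaround is an added example, not code from Elastic or from this advisory. It assumes the name clash is the standard CGI one (RFC 3875 exposes each request header as an HTTP_* environment variable, so a "Proxy" header arrives as HTTP_PROXY); the function names and sample values are hypothetical and constructed.

```python
import os


def cgi_environ(headers, base=None):
    """Model how a CGI server (RFC 3875) turns request headers into env vars."""
    env = dict(base or {})
    env["GATEWAY_INTERFACE"] = "CGI/1.1"
    for name, value in headers.items():
        # "Proxy" -> HTTP_PROXY, "User-Agent" -> HTTP_USER_AGENT, ...
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def scrub_cgi_proxy(environ=None):
    """Remove the request-derived HTTP_PROXY variable when running under CGI.

    Call this at the very top of the CGI script, before the APM agent or any
    HTTP client is initialised. CGI only creates the upper-case name, so an
    operator-configured lower-case http_proxy is left untouched.
    Returns the removed value (useful for logging) or None.
    """
    if environ is None:
        environ = os.environ
    if "GATEWAY_INTERFACE" not in environ:
        return None  # not a CGI process: HTTP_PROXY is operator configuration
    return environ.pop("HTTP_PROXY", None)


if __name__ == "__main__":
    # Constructed sample request: the client supplies a Proxy header.
    env = cgi_environ(
        {"Proxy": "http://proxy.example.invalid:8080", "User-Agent": "demo"},
        base={"http_proxy": "http://corp-proxy.example.invalid:3128"},
    )
    print("before:", env.get("HTTP_PROXY"))
    removed = scrub_cgi_proxy(env)
    print("removed request-supplied value:", removed)
    print("after:", env.get("HTTP_PROXY"), "| operator setting:", env["http_proxy"])
```

Dropping the header at the web server or reverse proxy, before it reaches the CGI process, achieves the same result without touching the script.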
Fix
RCE
Affected Products
Apm Agent For Python