PT-2022-16902 · Unknown · @Podium/Proxy+1

Krynos

Published

2022-04-06

Updated

2022-04-14

CVE-2022-24822

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions @podium/layout versions prior to 4.6.110 @podium/proxy versions prior to 4.2.74

Description The issue allows an attacker to take down the server by using the Trailer header as part of the request against proxy endpoints. All Podium layouts that include podlets with proxy endpoints are affected.

Recommendations For @podium/layout versions prior to 4.6.110, upgrade to version 4.6.110 or later. For @podium/proxy versions prior to 4.2.74, upgrade to version 4.2.74 or later. As a temporary workaround is not easily possible without upgrading, it is recommended to upgrade @podium/layout and/or @podium/proxy as soon as possible.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-248

Related Identifiers

CVE-2022-24822

GHSA-3HJG-VC7R-RCRW

Affected Products

@Podium/Layout

@Podium/Proxy

PT-2022-16902 · Unknown · @Podium/Proxy+1

CVE-2022-24822

Weakness Enumeration

Related Identifiers

Affected Products

References · 10