PT-2024-39313 · Looker · Looker
Published: 2024-10-11 · Updated: 2025-07-30
CVE-2024-8912
CVSS v4.0: 8.9 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Looker versions prior to 23.12.123
Looker versions prior to 23.18.117
Looker versions prior to 24.0.92
Looker versions prior to 24.6.77
Looker versions prior to 24.8.66
Looker versions prior to 24.10.78
Looker versions prior to 24.12.56
Looker versions prior to 24.14.37
Description:
An HTTP Request Smuggling issue in Looker allowed unauthorized attackers to capture HTTP responses intended for legitimate users. The issue has been mitigated for Looker-hosted versions, with no signs of exploitation found. Customer-hosted Looker instances were vulnerable and require an update.
Recommendations:
For versions prior to 23.12.123, update to version 23.12.123 or later.
For versions prior to 23.18.117, update to version 23.18.117 or later.
For versions prior to 24.0.92, update to version 24.0.92 or later.
For versions prior to 24.6.77, update to version 24.6.77 or later.
For versions prior to 24.8.66, update to version 24.8.66 or later.
For versions prior to 24.10.78, update to version 24.10.78 or later.
For versions prior to 24.12.56, update to version 24.12.56 or later.
For versions prior to 24.14.37, update to version 24.14.37 or later.
Fix
HTTP Request/Response Smuggling
Affected Products
Looker