oss-sec mailing list archives

[ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages

From: Masakazu Kitajo <maskit () apache org>
Date: Wed, 2 Apr 2025 13:45:38 -0600

Description:
ATS is vulnerable to request smuggling via chunked messages

CVE:
CVE-2024-53868 - Chunked message body allows request smuggling

Reported By:
Jeppe Bonde Weikop (CVE-2024-53868)

Vendor:
The Apache Software Foundation

Version Affected:
ATS 9.0.0 to 9.2.9
ATS 10.0.0 to 10.0.4

Mitigation:
9.x users should upgrade to 9.2.10 or later versions
10.x users should upgrade to 10.0.5 or later versions

CVE:
https://www.cve.org/CVERecord?id=CVE-2024-53868

Current thread:

[ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo (Apr 02)