Vulnerabilities > Haproxy > Haproxy > 2.3.19

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2023-45539 Unspecified vulnerability in Haproxy
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
network
low complexity
haproxy
8.2
2023-02-14 CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1.
network
low complexity
haproxy debian
critical
9.1