3 matches found
CVE-2019-7617
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...
apm-agent-utils (>=1.0.3 <=1.3.0), enochecker (>=0.0.5 <=0.0.9) +1 more potentially affected by CVE-2019-7617 via elastic-apm (>=4.2.2 <=5.10.1)
elastic-apm PYPI version =4.2.2, =1.0.3, =0.0.5, =0.0.14, =0.0.24.post2 Source cves: CVE-2019-7617 Source advisory: OSV:PYSEC-2019-178...
CVE-2019-7617
Elastic APM for Python versions before 5.1.0 is affected when run as a CGI script. A variable name clash occurs if an attacker can control the proxy header, potentially redirecting collected APM data to a proxy of their choosing. Impact described is data redirection/exfiltration. Recommended reme...