BIT-NGINX-2026-42055 NGINX ngx_http_proxy_v2_module and ngx_http_grpc_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue : - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

ROS-20260609-73-0013

The vulnerability of the ngxhttpproxyv2module module in NGINX Open Source web servers is related to a coding error. Exploiting this vulnerability allows an attacker to potentially compromise the integrity of the protected information...

BIT-NGINX-2026-42926 NGINX ngx_http_proxy_v2_module vulnerability

When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxyhttpversion to 2, and also uses proxysetbody, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support EoTS are not...

EUVD-2022-3110

Malicious code in bioql PyPI...

mastercactapus proxyprotocol vulnerable to denial of service

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

CVE-2020-11653

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss...

CVE-2020-11653

CVE-2020-11653 affects Varnish Cache prior to 6.0.6 LTS, 6.1.x prior to 6.2.3, and 6.3.x prior to 6.3.2. When a TLS termination proxy uses PROXY v2, an assertion failure can occur, causing the varnishd daemon to restart and leading to performance loss. Connected advisories (Debian/Ubuntu/Rocky) r...

Denial Of Service (DoS)

mastercactapus proxyprotocol is vulnerable to denial of service attacks. Remote attackers are able to send a specifically crafted HAProxy PROXY v2 request with truncated source/destination address data to the server causing a system crash...

CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

Design/Logic Flaw

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...

CVE-2019-14243

headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service webserver panic and daemon crash via a crafted HAProxy PROXY v2 request with truncated source/destinatio...