Security Advisory

CVE-2019-7617

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-08-22 16:12:10

Last updated 2024-08-04 20:54:28

Assigner elastic

State PUBLISHED

Description

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

← Browse all CVEs View on cve.org ↗