| Release | Version |
|---|---|
| bullseye | 3.0.4-2 |
| bookworm | 3.0.9-1+deb12u1 |
| trixie | 3.0.13-1 |
| sid | 3.0.13-1 |
| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-1019 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypa ... |
| CVE-2023-38285 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ... |
| CVE-2022-48279 | vulnerable (no DSA) | fixed | fixed | fixed | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ... |
| CVE-2021-42717 | vulnerable (no DSA) | fixed | fixed | fixed | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ... |
| Bug | Description |
|---|---|
| CVE-2023-28882 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial ... |
| CVE-2020-15598 | Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a ... |
| CVE-2019-25043 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ... |
| CVE-2019-19886 | Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send c ... |
| DSA / DLA | Description |
|---|---|
| DSA-4765-1 | modsecurity - security update |