| Release | Version |
|---|---|
| buster | 3.1.0-1+deb10u2 |
| buster (security) | 3.2.3-0+deb10u3 |
| bullseye | 3.3.0-1+deb11u1 |
| bookworm | 3.3.4-1 |
| trixie | 3.3.5-2 |
| sid | 3.3.5-2 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2023-38199 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ... |
| CVE-2022-39958 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ... |
| CVE-2022-39957 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ... |
| CVE-2022-39956 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ... |
| CVE-2022-39955 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ... |
| CVE-2020-22669 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a ... |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-11391 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11390 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11389 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11388 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| Bug | Description |
|---|---|
| CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ... |
| CVE-2019-13464 | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ... |
| CVE-2019-11387 | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2018-16384 | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ... |
| DSA / DLA | Description |
|---|---|
| DLA-3293-1 | modsecurity-crs - security update |