CVE-2021-33193 log

Source
Severity Medium
Remote Yes
Type Url request injection
Description
In Apache HTTP Server before version 2.4.49, a crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.
Group Package Affected Fixed Severity Status Ticket
AVG-2289 apache 2.4.48-1 2.4.49-1 High Fixed
References
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193
https://portswigger.net/research/http2
https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c