mod_session vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the mod_session package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
CVE-2024-38476

<0:2.4.37-65.0.1.module+el8.10.0+90383+734f7ffb.2
  • H
Improper Encoding or Escaping of Output

<0:2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1
  • H
Improper Encoding or Escaping of Output

<0:2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1
  • H
Improper Input Validation

<0:2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1
  • H
NULL Pointer Dereference

<0:2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1
  • H
Improper Encoding or Escaping of Output

<0:2.4.37-65.0.1.module+el8.10.0+90368+a557a4bf.1
  • M
CVE-2023-38709

<0:2.4.37-65.0.1.module+el8.10.0+90356+f7b9d583
  • M
Improper Resource Shutdown or Release

<0:2.4.37-64.module+el8.10.0+90271+3bc76a16
  • M
Out-of-bounds Read

<0:2.4.37-64.module+el8.10.0+90271+3bc76a16
  • H
Allocation of Resources Without Limits or Throttling

<0:2.4.37-62.0.1.module+el8.9.0+90011+2f9c6a23
  • M
HTTP Request Smuggling

<0:2.4.37-56.0.1.module+el8.8.0+21159+b5186791.7
  • H
HTTP Request Smuggling

<0:2.4.37-51.0.1.module+el8.7.0+21029+de29ba63.5
  • M
HTTP Request Smuggling

<0:2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1
  • M
Out-of-bounds Write

<0:2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1
  • M
HTTP Response Splitting

<0:2.4.37-51.0.1.module+el8.7.0+20923+af3b70dd.1
  • M
Integer Overflow or Wraparound

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Improper Initialization

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
CVE-2022-30556

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Out-of-bounds Write

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
HTTP Request Smuggling

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Integer Overflow or Wraparound

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Allocation of Resources Without Limits or Throttling

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Allocation of Resources Without Limits or Throttling

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • M
Integer Overflow or Wraparound

<0:2.4.37-51.0.1.module+el8.7.0+20778+02173b8e
  • H
Insufficient Verification of Data Authenticity

<0:2.4.37-47.0.2.module+el8.6.0+20724+119b489d.2
  • L
NULL Pointer Dereference

<0:2.4.37-47.0.1.module+el8.6.0+20683+407db9f5.2
  • M
NULL Pointer Dereference

<0:2.4.37-47.0.1.module+el8.6.0+20649+083145da.1
  • M
Out-of-bounds Write

<0:2.4.37-47.0.1.module+el8.6.0+20649+083145da.1
  • M
Out-of-bounds Read

<0:2.4.37-47.0.1.module+el8.6.0+20649+083145da.1
  • M
CVE-2021-33193

<0:2.4.37-47.0.1.module+el8.6.0+20649+083145da.1
  • H
HTTP Request Smuggling

<0:2.4.37-43.0.2.module+el8.5.0+20524+6e75a975.3
  • H
Out-of-bounds Write

<0:2.4.37-43.0.1.module+el8.5.0+20475+4f6a8fd5.1
  • H
Out-of-bounds Write

<0:2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f
  • H
NULL Pointer Dereference

<0:2.4.37-43.0.2.module+el8.5.0+20470+f38d0c8f
  • H
Out-of-bounds Write

<0:2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9
  • M
CVE-2021-30641

<0:2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271
  • H
NULL Pointer Dereference

<0:2.4.37-39.0.2.module+el8.4.0+20402+038b8ccd.1
  • H
Server-Side Request Forgery (SSRF)

<0:2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
  • H
Out-of-bounds Write

<0:2.4.37-39.0.1.module+el8.4.0+20372+b87b2deb.1
  • M
HTTP Request Smuggling

<0:2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb
  • M
Buffer Overflow

<0:2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb
  • M
Use After Free

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Cross-site Scripting (XSS)

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
NULL Pointer Dereference

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Use After Free

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Out-of-bounds Write

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Resource Exhaustion

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
HTTP Request Smuggling

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Open Redirect

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Open Redirect

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • M
Use of Uninitialized Resource

<0:2.4.37-30.0.1.module+el8.3.0+7816+49791cfd
  • H
HTTP Request Smuggling

<0:2.4.37-21.0.1.module+el8.2.0+5576+c083ffcb
  • M
Session Fixation

<0:2.4.37-39.0.1.module+el8.4.0+20024+b87b2deb
  • H
Allocation of Resources Without Limits or Throttling

<0:2.4.37-12.0.1.module+el8.0.0+5348+de75177e
  • M
Race Condition

<0:2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33
  • M
Use of Incorrectly-Resolved Name or Reference

<0:2.4.37-16.0.1.module+el8.1.0+5385+dcd9ff33
  • H
Use After Free

<0:2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6
  • H
CVE-2019-0215

<0:2.4.37-11.0.1.module+el8.0.0+5209+a98d70d6