CVE-2019-7617

CVE-2019-7617

Vendor Elastic
Product Elastic APM agent for Python
Weakness CWE-20 · Input validation
Published August 22, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.

Key dates

02Disclosure timeline

August 22, 2019 CVE published
August 4, 2024 Record updated