CVE-2022-31779

CVE-2022-31779: Improper HTTP/2 scheme and method validation

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-20 · Input validation

Published August 10, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Key dates

02Disclosure timeline

August 10, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-31779 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2025-64759 Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload CVE-2018-10899 CVE-2023-2264 Improper input validition could lead to code injection CVE-2022-32154 Risky commands warnings in Splunk Enterprise Dashboards CVE-2025-64988 Command Injection in 1E-Nomad-GetCmContentLocations Instruction