CVE-2024-38479

CVE-2024-38479: Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-20 · Input validation

Published November 14, 2024

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Key dates

Disclosure timeline

November 14, 2024 CVE published

November 3, 2025 Record updated

Identifiers

CVE CVE-2024-38479

CWE CWE-20

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 8.0.0 and ≤ 8.1.11

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.0.0 and ≤ 9.2.5