VYPR
Low severity 3.7 · OSV Advisory · Published Jul 15, 2024 · Updated Apr 15, 2026

CVE-2024-40632

Description

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions, when the application being run by Linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
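The token check the description proposes, sketched as an added Go example; it is not Linkerd's code and not the change shipped in edge-24.6.2. The environment variable and header names are hypothetical, and requiring POST and treating an unset token as "endpoint disabled" are choices made for this example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
)

// Hypothetical names for this example; neither comes from Linkerd.
const (
	tokenEnvVar = "EXAMPLE_SHUTDOWN_TOKEN"
	tokenHeader = "X-Example-Shutdown-Token"
)

// shutdownHandler runs shutdown only for a POST that carries the configured
// token. A request forged through SSRF that controls only the URL cannot set
// the header. Assumption: an empty token disables the endpoint (fail closed).
func shutdownHandler(token string, shutdown func()) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.Method != http.MethodPost:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		case token == "":
			http.Error(w, "shutdown endpoint disabled", http.StatusNotFound)
		case subtle.ConstantTimeCompare([]byte(r.Header.Get(tokenHeader)), []byte(token)) != 1:
			http.Error(w, "missing or invalid token", http.StatusForbidden)
		default:
			shutdown()
			fmt.Fprintln(w, "shutting down")
		}
	})
}

// probe sends one in-memory request to h and returns the response status.
func probe(h http.Handler, method, token string) int {
	req := httptest.NewRequest(method, "/shutdown", nil)
	if token != "" {
		req.Header.Set(tokenHeader, token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := shutdownHandler(os.Getenv(tokenEnvVar), func() { fmt.Println("shutdown requested") })
	fmt.Println("POST without token:", probe(h, http.MethodPost, ""))
}
```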

Affected products

2
  • Linkerd/Linkerd2 · OSV · 2 versions
    edge-18.10.1, edge-18.10.2, edge-18.10.3, … + 1 more
    • (no CPE) range: edge-18.10.1, edge-18.10.2, edge-18.10.3, …
    • (no CPE) range: < edge-24.6.2
