VYPR

Mod Wsgi

by Modx

CVEs (2)

  • CVE-2014-0242Dec 9, 2019
    risk 0.04cvss epss 0.09

    mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

  • CVE-2022-2255Aug 25, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.