HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Haproxy | Haproxy | * | 2.8.2 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | haproxy-0:1.8.27-5.el8_10.1 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | haproxy-0:1.8.23-3.el8_2.1 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | haproxy-0:1.8.27-2.el8_4.1 | * |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | haproxy-0:1.8.27-2.el8_4.1 | * |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | haproxy-0:1.8.27-2.el8_4.1 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | haproxy-0:1.8.27-4.el8_6.1 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | haproxy-0:1.8.27-4.el8_6.1 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | haproxy-0:1.8.27-4.el8_6.1 | * |
| Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | haproxy-0:1.8.27-5.el8_8.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | haproxy-0:2.4.22-3.el9_3 | * |
| Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | haproxy-0:2.4.17-6.el9_2.2 | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | haproxy-0:2.6.13-4.rhaos4.14.el8 | * |
| Red Hat OpenShift Container Platform 4.15 | RedHat | haproxy-0:2.6.13-4.rhaos4.15.el8 | * |
| Haproxy | Ubuntu | bionic | * |
| Haproxy | Ubuntu | esm-infra/bionic | * |
| Haproxy | Ubuntu | esm-infra/xenial | * |
| Haproxy | Ubuntu | focal | * |
| Haproxy | Ubuntu | jammy | * |
| Haproxy | Ubuntu | lunar | * |
| Haproxy | Ubuntu | trusty | * |
| Haproxy | Ubuntu | upstream | * |
| Haproxy | Ubuntu | xenial | * |