Fluid Attacks Database

Description

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	modsecurity-crs	>=0 <3.3.2-1	3.3.2-1
debian 11	modsecurity-crs	=3.3.0-1 \|\| >=0 <3.3.0-1+deb11u1	3.3.0-1+deb11u1
debian 12	modsecurity-crs	>=0 <3.3.2-1	3.3.2-1
debian 14	modsecurity-crs	>=0 <3.3.2-1	3.3.2-1

Aliases

1. CVE-2021-353682. NVD-2021-353683. OSV-DEBIAN-2021-353684. OSV-2021-353685. SECURITY-TRACKER-CVE-2021-35368

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.