CNNVD-202601-1470 Information
CNNVD ID
CNNVD-202601-1470
Related CVE
-
CNNVD Published: 2026-01-08
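Description (translated from Chinese)
OWASP CRS is a set of attack detection rules open-sourced by the CRS Project. OWASP CRS versions before 4.22.0 and versions before 3.3.8 contain a security vulnerability caused by a flaw in rule 922110 when processing multipart requests, which may cause a malicious character set to be ignored.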
Description (English)
OWASP CRS is an open-source set of attack detection rules from the CRS Project. OWASP CRS versions before 4.22.0 and before 3.3.8 contain a security vulnerability that stems from a flaw in rule 922110 when handling multipart requests, which may result in a malicious character set being ignored.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
CRS Project
Published
2026-01-08
Last Modified
2026-02-24
References
https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8
https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0
https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5
https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6
https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83
https://access.redhat.com/security/cve/cve-2026-21876
Patch
https://github.com/coreruleset/coreruleset/releases