- Comment
- Reblog
-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
- Privacy
: Fuzzed network input can trigger a read-after-free error during HTTP/2 session handling, potentially leading to information disclosure.
If an administrator running 2.4.18 had made specific configuration mistakes, they were vulnerable to directory traversal. More importantly, subsequent research led to CVE-2022-22719, proving that older logic in path handling remained a liability. Running a legacy version means you do not have the hardened path-normalization logic introduced in the 2.4.49+ era.
Cars and Code