{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "11.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "35" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "36" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.0.0" }, { "last_affected": "8.1.4" }, { "introduced": "9.0.0" }, { "last_affected": "9.1.2" } ] }, "events": [ { "introduced": "b310e3566f58dd04ec2b15b111ec86ea70e20019" }, { "last_affected": "965df952e1da3e5039473db8cf219cf9ef285a93" }, { "introduced": "b14030656330ed623cd1f9efe2f4f9abd9d16e29" }, { "last_affected": "cb7eda60dc8c2068afd458fd20a8dd6232887f0d" } ], "repo": "https://github.com/apache/trafficserver", "type": "GIT" } ] } ], "details": "Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.", "id": "CVE-2022-31779", "modified": "2026-03-15T21:44:44.616848070Z", "published": "2022-08-10T06:15:08.650Z", "references": [ { "type": "ADVISORY", "url": "https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21" }, { "type": "ADVISORY", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/" }, { "type": "ADVISORY", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2022/dsa-5206" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }