VulnerableCode Package Details - pkg:apk/alpine/apache2@2.4.49-r0?arch=aarch64&distroversion=v3.21&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9u53-b79b-cfgd	Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.	CVE-2021-34798
VCID-db6k-j9mj-e7hy	A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.	CVE-2021-33193
VCID-mtg7-8556-kbgd	A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.	CVE-2021-40438
VCID-rdtq-8ng5-53fn	A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).	CVE-2021-36160
VCID-wrw6-uzz4-rkfb	ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.	CVE-2021-39275

Vulnerability

Summary

Aliases

VCID-9u53-b79b-cfgd

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-34798

VCID-db6k-j9mj-e7hy

A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48.

CVE-2021-33193

VCID-mtg7-8556-kbgd

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-40438

VCID-rdtq-8ng5-53fn

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

CVE-2021-36160

VCID-wrw6-uzz4-rkfb

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-39275

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-06T04:47:33.801104+00:00	Alpine Linux Importer	Fixing	VCID-9u53-b79b-cfgd	https://secdb.alpinelinux.org/v3.21/main.json	38.1.0
2026-04-01T19:30:03.392085+00:00	Alpine Linux Importer	Fixing	VCID-wrw6-uzz4-rkfb	https://secdb.alpinelinux.org/v3.21/main.json	38.0.0
2026-04-01T19:19:07.878011+00:00	Alpine Linux Importer	Fixing	VCID-rdtq-8ng5-53fn	https://secdb.alpinelinux.org/v3.21/main.json	38.0.0
2026-04-01T19:05:37.729564+00:00	Alpine Linux Importer	Fixing	VCID-mtg7-8556-kbgd	https://secdb.alpinelinux.org/v3.21/main.json	38.0.0
2026-04-01T18:52:09.796015+00:00	Alpine Linux Importer	Fixing	VCID-db6k-j9mj-e7hy	https://secdb.alpinelinux.org/v3.21/main.json	38.0.0