| Release | Version |
|---|---|
| jessie | 2.2.9-1+deb8u1 |
| stretch | 3.2.3-0+deb9u1 |
| buster | 3.2.3-0+deb10u3 |
| bullseye | 3.3.0-1+deb11u1 |
| bookworm | 3.3.4-1 |
| trixie | 3.3.7-1 |
| sid | 3.3.7-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-38199 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ... |
| CVE-2022-39958 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ... |
| CVE-2022-39957 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ... |
| CVE-2022-39956 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ... |
| CVE-2022-39955 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ... |
| CVE-2020-22669 | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a ... |
| CVE-2018-16384 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Co ... |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11391 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11390 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11389 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11388 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| CVE-2019-11387 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) throu ... |
| Bug | Description |
|---|---|
| CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ... |
| CVE-2019-13464 | An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2 ... |
| DSA / DLA | Description |
|---|---|
| DLA-3293-1 | modsecurity-crs - security update |
| ELA-783-1 | modsecurity-crs - security update |