{"id":"MGASA-2021-0576","summary":"Updated apache-mod_security packages fix security vulnerability","details":"Updated apache-mod_security packages fix security vulnerability:\n\nModSecurity mishandles excessively nested JSON objects. Crafted JSON\nobjects with nesting tens-of-thousands deep could result in the web\nserver being unable to service legitimate requests. Even a moderately\nlarge (e.g., 300KB) HTTP request can occupy one of the limited NGINX\nworker processes for minutes and consume almost all of the available\nCPU on the machine (CVE-2021-42717).\n","modified":"2026-04-16T00:11:45.456285521Z","published":"2021-12-21T23:27:37Z","upstream":["CVE-2021-42717"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0576.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29787"}],"affected":[{"package":{"name":"apache-mod_security","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/apache-mod_security?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.5-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0576.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}