How severe is CVE-2024-40632?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2024-40632?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-40632 - LOW Severity | CVSS 3.7

Vulnerability Description

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2022-0085

LOW

CVSS:3.7(Low)

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

CWE-9182022

CVE-2023-48711

LOW

CVSS:3.7(Low)

google-translate-api-browser is an npm package which interfaces with the google translate web api. A Server-Side Request Forgery (SSRF) Vulnerability is present in applications utilizing the `google-t...

CWE-9182023

CVE-2024-0243

LOW

CVSS:3.7(Low)

With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, "ht...

CWE-9182024

CVE-2024-11168

MEDIUM

CVSS:3.7(Low)

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potent...

CWE-9182024

CVE-2025-3954

MEDIUM

CVSS:3.7(Low)

A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads ...

CWE-9182025

CVE-2024-0628

LOW

CVSS:3.8(Low)

The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible f...

CWE-9182024