Updated apache-mod_security packages fix security vulnerabilityPublication date: 21 Dec 2021
Affected Mageia releases : 8
Updated apache-mod_security packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine (CVE-2021-42717).