Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_ajp

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache HTTP Server Cross-Site Scripting (XSS) in mod_proxy_ajp

CGA-9jwx-cw7v-pjxh

Summary

Apache HTTP Server has a vulnerability in its mod_proxy_ajp module that allows an attacker to inject malicious code into web pages. This could allow an attacker to steal sensitive information or take control of user sessions. Update Apache HTTP Server to the latest version to fix this issue.

What to do

Update chainguard ruby3.4-rails-7.2 to version 7.2.3.1-r1.

Affected software

Vendor	Product	Affected versions	Fix available
chainguard	ruby3.4-rails-7.2	<= 7.2.3.1-r1	7.2.3.1-r1

Original title

CGA-9jwx-cw7v-pjxh

Published: 6 Apr 2026 · Updated: 6 Apr 2026 · First seen: 6 Apr 2026