| Package | mod-wsgi |
|---|---|
| Version | 4.5.11-1+deb9u1 (stretch) |
| Related CVEs | CVE-2022-2255 |
An issue has been found in mod-wsgi, a Python WSGI adapter module for Apache. A request from an untrusted proxy does not remove the X-Client-IP header and thus allowing this header to be passed to the target WSGI application.
For Debian 9 stretch, these problems have been fixed in version 4.5.11-1+deb9u1.
We recommend that you upgrade your mod-wsgi packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.