CVE-2023-33141: Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

Overview

Severity: High (CVSS 7.5)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Category: Denial of Service
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2023-Jun
Released: 2023-06-13
Last Updated: 2023-06-22
EPSS Score: 2.80% (percentile: 86.1%)

FAQ

Is the update for YARP 2.0 currently available?

The security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.

Affected Products (2)

Developer Tools

  • YARP 1.0
  • YARP 2.0

Security Updates (2)

Revision History

  • 2023-06-13: Information published.
  • 2023-06-14: FAQ added to explain that the security update for YARP 2.0 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE information.
  • 2023-06-22: The following revisions have been made in the Security Updates table: 1) Added YARP 1.0 as it is also affected by this vulnerability and an update is available. 2) The security update for YARP 2.0 is now available. Customers running these affected versions of YARP should install the update for their product to be protected from this vulnerability.