Elastic: >> Apm Agent >> 3.0.0 Security Vulnerabilities
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
CVSS Score
7.2
EPSS Score
0.002
Published
2019-08-22