Summary: Apache VCL is affected by critical security vulnerabilities, including an SQL injection flaw and a cross-site scripting (XSS) vulnerability. These flaws could lead to unauthorized data manipulation and system compromise. Upgrading immediately to version 2.5.2 is recommended to address these issues.
Affected: Apache VCL versions 2.1 through 2.5.1
Keypoints:
- Critical SQL injection vulnerability identified in the New Block Allocation form (CVE-2024-53678).
- Cross-site scripting vulnerability detected in the User Lookup form (CVE-2024-53679).
- An urgent upgrade to Apache VCL version 2.5.2 is required to obtain the patches.