If you use #haproxy >=2.9, you want to upgrade; there is a DoS vector in it.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45506

It was hard to figure out but thanks to the great haproxy team it was mitigated fast! 🥳

#DoS #DDoS #Security

@awlnx Great work! That's a hard-to-understand thing that's happening there. I'm not quite able to follow the explanation easily and am wondering whether this is only exploitable if you're talking directly to haproxy or also if it's hidden behind an nginx?
@awlnx Thanks!