In Apache HTTP Server before version 2.4.49, a crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
In Apache HTTP Server before version 2.4.49, a crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438