In Apache HTTP Server before version 2.4.49, ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may.
In Apache HTTP Server before version 2.4.49, ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may.
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275