trafficserver is vulnerable to information disclosure. The vulnerability exists due to the improper input validation in the header parser, allowing an attacker to request secure resources through the malicious HTTP requests.
lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
lists.debian.org/debian-lts-announce/2023/01/msg00019.html
lists.fedoraproject.org/archives/list/[email protected]/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/
lists.fedoraproject.org/archives/list/[email protected]/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/
security-tracker.debian.org/tracker/CVE-2021-37150
www.debian.org/security/2022/dsa-5206