{"id":"PYSEC-2019-178","details":"When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.","aliases":["CVE-2019-7617","GHSA-22jh-6gx8-f944"],"modified":"2026-06-10T17:01:13.615863347Z","published":"2019-08-22T17:15:00Z","references":[{"type":"WEB","url":"https://www.elastic.co/community/security/"},{"type":"WEB","url":"https://discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-22jh-6gx8-f944"}],"affected":[{"package":{"name":"elastic-apm","ecosystem":"PyPI","purl":"pkg:pypi/elastic-apm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.0"}]}],"versions":["1.0.0","1.0.0.dev0","1.0.0.dev1","1.0.0.dev2","1.0.0.dev3","2.0.0","2.0.1","2.1.0","2.1.1","2.2.0","2.2.1","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","4.0.0","4.0.1","4.0.2","4.0.3","4.1.0","4.2.0","4.2.1","4.2.2","5.0.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/elastic-apm/PYSEC-2019-178.yaml"}}],"schema_version":"1.7.5"}