CVE-2024-8912

Name: CVE-2024-8912
Creator: NVD / NIST
Published: 2024-10-11T19:15:11.11+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.9/10EPSS 0.19%

Last modified Jun 17, 2026

CVE-2024-8912 is a high-severity vulnerability rated 8.9/10 on the CVSS scale. An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. There are two Looker versions that are hosted by Looker: * Looker (Google Cloud core) was found to be vulnerable. This issue has already been mitigated and our investigation has found no signs of exploitation. * Looker (original) was not vulnerable to this issue. Customer-hosted Looker instances were found to be vulnerable and must be upgraded. This vulnerability has been patched in all supported versions of customer-hosted Looker, which are available on the Looker download page https://download.looker.com/ . For Looker customer-hosted instances, please update to the latest supported version of Looker as soon as possible. The versions below have all been updated to protect from this vulnerability. You can download these versions at the Looker download page: * 23.12 -> 23.12.123+ * 23.18 -> 23.18.117+ * 24.0 -> 24.0.92+ * 24.6 -> 24.6.77+ * 24.8 -> 24.8.66+ * 24.10 -> 24.10.78+ * 24.12 -> 24.12.56+ * 24.14 -> 24.14.37+

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 4.0

8.9/10

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.19%

8.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-444

Affected Software

Vendor	Product	Versions
Google	Cloud Looker	>= 23.12, < 23.12.123
Google	Cloud Looker	>= 23.18, < 23.18.117
Google	Cloud Looker	>= 24.0, < 24.0.92
Google	Cloud Looker	>= 24.6, < 24.6.77
Google	Cloud Looker	>= 24.8, < 24.8.66
Google	Cloud Looker	>= 24.10, < 24.10.78
Google	Cloud Looker	>= 24.12, < 24.12.56
Google	Cloud Looker	>= 24.14, < 24.14.37

References

https://cloud.google.com/looker/docs/best-practices/security-bulletin-09-16-24Vendor Advisory

Timeline

Published: Oct 11, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2024-8912?

How severe is CVE-2024-8912?

CVE-2024-8912 has a CVSS score of 8.9/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.

How do I fix CVE-2024-8912?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-8912?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST