ModSecurity is an open source, cross platform web
application firewall (WAF) engine for Apache, IIS
and Nginx. Versions prior to 2.9.10 contain a denial of
service vulnerability similar to
GHSA-859r-vvv8-rm8r/CVE-2025-47947. The `sanitiseArg`
(and `sanitizeArg` - this is the same action but an
alias) is vulnerable to adding an excessive number
of arguments, thereby leading to denial of service.
Version 2.9.10 fixes the issue. As a workaround, avoid
using rules that contain the `sanitiseArg` (or
`sanitizeArg`) action.