A Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2020-40438 and impacting Apache HTTP Server 2.4.48 and prior versions, has been patched. The CVSS score for this vulnerability is 9/10 (critical).
This vulnerability allows unauthenticated malicious actors to force vulnerable HTTP servers to forward requests to arbitrary servers. There are reported exploits, and on 12/1 CISA added this vulnerability to its Known Exploited Vulnerabilities Catalog. Administrators are advised to apply available updates to affected Apache HTTP servers and related products as soon as possible.
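
To find which hosts need the update, the following added example (not part of the original advisory) classifies collected `httpd -v` output and `Server:` header lines against the 2.4.48 cut-off stated above. The host names and banner lines are constructed, and a banner version is only a first-pass signal: distribution packages may backport the fix without changing the upstream version number, so confirm flagged hosts against the vendor's package changelog.

```python
import re

# Last affected release, as stated in the advisory above.
LAST_AFFECTED = (2, 4, 48)

# Matches the "Apache/x.y.z" token in `httpd -v` output or a Server header.
VERSION_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)")

# Sort order for the report: hosts needing action come first.
PRIORITY = {"affected": 0, "unknown": 1, "not-affected": 2}


def parse_version(banner):
    """Return (major, minor, patch) as ints, or None if no version is shown."""
    match = VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner):
    """Classify one banner as 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # Version hidden (e.g. ServerTokens Prod): check the host directly.
        return "unknown"
    # Tuple comparison is numeric, so 2.4.6 sorts below 2.4.48.
    return "affected" if version <= LAST_AFFECTED else "not-affected"


def triage(inventory):
    """Return [(host, status)] sorted so hosts needing action come first."""
    results = [(host, classify(banner)) for host, banner in inventory.items()]
    return sorted(results, key=lambda item: (PRIORITY[item[1]], item[0]))


# Constructed sample inventory: host name -> collected banner line.
SAMPLE_INVENTORY = {
    "web01": "Server version: Apache/2.4.48 (Unix)",
    "web02": "Server: Apache/2.4.51 (Debian)",
    "web03": "Server: Apache",
    "web04": "Server version: Apache/2.4.6 (CentOS)",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{status}")
```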