Описание
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.14.0-0ubuntu1.10 |
| devel | not-affected | 1.18.0-6ubuntu2 |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | needed | |
| esm-infra/bionic | released | 1.14.0-0ubuntu1.10 |
| esm-infra/focal | released | 1.18.0-0ubuntu1.3 |
| esm-infra/xenial | released | 1.10.3-0ubuntu0.16.04.5+esm4 |
| focal | released | 1.18.0-0ubuntu1.3 |
| groovy | not-affected | 1.18.0-6ubuntu2 |
| hirsute | not-affected | 1.18.0-6ubuntu2 |
Показывать по
Ссылки на источники
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
Уязвимость компонента ngx_http_lua_subrequest.c веб-сервера OpenResty, позволяющая нарушителю оказать воздействие на целостность данных
5 Medium
CVSS2
7.5 High
CVSS3