Lucene search

K

Openresty Security Vulnerabilities

cve
cve

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

7.5CVSS

8AI Score

0.732EPSS

2023-10-10 02:15 PM
2890
In Wild
cve
cve

CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other...

7.7CVSS

6.3AI Score

0.52EPSS

2021-06-01 01:15 PM
5146
10
cve
cve

CVE-2020-11724

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture...

7.5CVSS

7.2AI Score

0.006EPSS

2020-04-12 09:15 PM
692
4
cve
cve

CVE-2018-9230

In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application...

9.8CVSS

9.4AI Score

0.006EPSS

2018-04-02 06:29 PM
58