6253 matches found
DEBIAN-CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
UBUNTU-CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
OpenResty lua-nginx-module security vulnerability
OpenResty lua-nginx-module is an OpenResty USA open source component for integrating the Lua scripting language into Nginx servers. A security vulnerability exists in OpenResty lua-nginx-module v0.10.26 and earlier versions, which stems from a specially crafted HEAD request that results in an...
CVE-2024-33452
CVE-2024-33452 applies to OpenResty lua-nginx-module v0.10.26 and earlier, allowing HTTP request smuggling via a crafted HEAD request. Connected sources confirm the issue in the lua-nginx-module (OpenResty) and note a patch path via vendor advisories: Debian’s DLA-4228-1 fixes nginx/libnginx-mod-...
ROS-20250417-05
Ingress controller vulnerability in the Kubernetes ingress-nginx cluster is related to the use of the Ingress mirror-target and mirror-host annotations to inject configuration into nginx. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
The vulnerability of the lua-nginx-module in NGINX web servers, related to inconsistent interpretation of HTTP requests, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the lua-nginx-module in NGINX web servers is related to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests, a type of HTTP Request Smuggling attack...
CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
Weblate is a web-based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in ingress-nginx
Summary: Multiple vulnerabilities in ingress-nginx that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2025-1097. DESCRIPTION: A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-tls-match-cn Ingre...
CLSA-2025-1744633827 nginx: Fix of CVE-2024-7347
CVE-2024-7347: fix MP4 stsc cropping: prevent overflow and buffer underread causing invalid seeks and possible segfault...
Remote Code Execution
k8s.io/ingress-nginx is vulnerable to Remote Code Execution. The vulnerability stems from improper request handling in the ingress-nginx controller: the controller processes untrusted network traffic that can be manipulated to execute arbitrary code and access Secrets...
Siemens Insights Hub Private Cloud
SUMMARY: Insights Hub Private Cloud is affected by multiple vulnerabilities in Ingress NGINX Controller for Kubernetes. These vulnerabilities could lead to arbitrary code execution in the context of the ingress-nginx controller, or disclosure of Secrets accessible to the controller, or denial of...
Kubernetes Ingress NGINX Controller Arbitrary Code Execution
Ingress NGINX Controller for Kubernetes versions before 1.11.5, and 1.12.x before 1.12.1, suffer from a critical remote code execution vulnerability. Successful exploitation allows an unauthenticated attacker with access to the pod network to achieve remote code execution (RCE) in the controller's...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper input validation in the auth-tls-match-cn Ingress annotation, which allows attackers to inject arbitrary Nginx configuration...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper access control, allowing an unauthenticated attacker with access to the pod network to execute arbitrary code in the context of the ingress-nginx controller...
Arbitrary Code Execution (ACE)
k8s.io/ingress-nginx is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to improper handling of mirror-target and mirror-host annotations, allowing arbitrary configuration injection into nginx...