7 matches found
CVE-2020-36309
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header...
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
CVE-2024-39702
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service...
OpenResty Security Vulnerability
OpenResty is an open source web application server, based on Nginx and Lua, from the American company OpenResty. A security vulnerability exists in OpenResty, which stems from a hash denial of service vulnerability discovered in lj_str_hash.c. The vulnerability is caused by a hash denial of service vulnerability...
PT-2024-28641 · Openresty · Openresty
Name of the Vulnerable Software and Affected Versions: OpenResty versions 1.19.3.1 through 1.25.3.1. Description: The string hashing function in OpenResty allows HashDoS (Hash Denial of Service) attacks, which can cause excessive resource usage during proxy operations via crafted requests. This can...
PT-2020-3784 · Openresty +2 · Openresty +2
Name of the Vulnerable Software and Affected Versions: OpenResty versions prior to 1.15.8.4. Description: The issue is related to HTTP request smuggling in the ngx_http_lua_subrequest.c component of the OpenResty web server. This is due to inconsistent interpretation of HTTP requests. The...
CVE-2018-9230
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall...