CVE-2020-36309

The CVE-2020-36309 entry concerns ngx_http_lua_module (lua-nginx-module) in OpenResty, where unsafe characters in an argument used to mutate a URI or headers can be exploited. The issue affects the lua-nginx-module before 0.10.16 and is associated with potential HTTP request smuggling and related...

CVE-2024-33452

CVE-2024-33452 applies to OpenResty lua-nginx-module v0.10.26 and earlier, allowing HTTP request smuggling via a crafted HEAD request. Connected sources confirm the issue in the lua-nginx-module (OpenResty) and note a patch path via vendor advisories: Debian’s DLA-4228-1 fixes nginx/libnginx-mod-...