OpenResty 1.1.12.4

CPE Details

OpenResty 1.1.12.4
openresty
openresty
1.1.12.4
2019-07-23
13h25 +00:00
2019-07-23
13h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openresty:openresty:1.1.12.4:*:*:*:*:*:*:*

Informations

Vendor

openresty

Product

openresty

Version

1.1.12.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44487 2023-10-10 00h00 +00:00 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
High
CVE-2021-23017 2021-06-01 10h28 +00:00 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
7.7
High
CVE-2020-11724 2020-04-12 18h55 +00:00 An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
7.5
High
CVE-2018-9230 2018-04-02 16h00 +00:00 In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty
9.8
Critical