CVE-2024-33452
published 2025-04-22CVE-2024-33452: An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
high7.7CVSS 3.1
AVNACHPRNUINSUCHIHAL
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libnginx-mod-http-lua | < libnginx-mod-http-lua 1:0.10.23-1+deb12u1 (bookworm) | libnginx-mod-http-lua 1:0.10.23-1+deb12u1 (bookworm) |
| debian | nginx | < libnginx-mod-http-lua 1:0.10.23-1+deb12u1 (bookworm) | libnginx-mod-http-lua 1:0.10.23-1+deb12u1 (bookworm) |
| f5 | nginx | >= 0 < 1.18.0-6.1+deb11u5 | 1.18.0-6.1+deb11u5 |
| f5 | nginx | >= 0 < 1.22.0-3 | 1.22.0-3 |
| f5 | nginx | >= 0 < 1.22.0-3 | 1.22.0-3 |
| f5 | nginx | >= 0 < 1.22.0-3 | 1.22.0-3 |
| openresty | lua-nginx-module | <= 0.10.26 | — |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
osv7.7HIGH