CVE-2024-33452 — HTTP Request Smuggling in Lua-nginx-module

Severity

7.7HIGHNVD

EPSS

0.7%

top 27.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 22

Description

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LExploitability: 2.2 | Impact: 5.5

▶Debianf5/nginx< 1.18.0-6.1+deb11u5+3

CVEList

CVE-2024-33452: An issue in OpenResty lua-nginx-module v↗2025-04-22

▶

GHSA

GHSA-qm42-2jf7-gc6x: An issue in OpenResty lua-nginx-module v↗2025-04-22

▶

OSV

CVE-2024-33452: An issue in OpenResty lua-nginx-module v↗2025-04-22

▶

Red Hat

lua-nginx-module: HTTP request smuggling via a crafted HEAD request↗2025-04-22

▶

Debian

CVE-2024-33452: libnginx-mod-http-lua - An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote atta...↗2024

▶