CVE-2024-39702
- EPSS 0.93%
- Veröffentlicht 23.07.2024 16:15:05
- Zuletzt bearbeitet 24.09.2025 14:20:34
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted ...
CVE-2023-44487
- EPSS 94.44%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-23017
- EPSS 76.12%
- Veröffentlicht 01.06.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 05:51:09
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-11724
- EPSS 0.93%
- Veröffentlicht 12.04.2020 21:15:10
- Zuletzt bearbeitet 21.11.2024 04:58:29
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
CVE-2018-9230
- EPSS 43.85%
- Veröffentlicht 02.04.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:15:10
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions o...