CVE-2024-39702
- EPSS 0.93%
- Published 23.07.2024 16:15:05
- Last modified 24.09.2025 14:20:34
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted ...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-23017
- EPSS 76.12%
- Published 01.06.2021 13:15:07
- Last modified 21.11.2024 05:51:09
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
CVE-2020-11724
- EPSS 0.93%
- Published 12.04.2020 21:15:10
- Last modified 21.11.2024 04:58:29
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
CVE-2018-9230
- EPSS 43.85%
- Published 02.04.2018 18:29:00
- Last modified 21.11.2024 04:15:10
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions o...