CVE-2024-33452 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
High CVSS: 7.7

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
Vendor
Openresty
Product
Lua-nginx-module
CWE
CWE-444
Yayın Tarihi
2025-04-22 16:15:44
Güncelleme
2025-11-03 20:16:12
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-444 Lua-nginx-module HIGH Openresty 2025

Referanslar

https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/ https://lists.debian.org/debian-lts-announce/2025/06/msg00026.html