An issue exists in OpenResty prior to 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openresty openresty |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |