Vulnerabilities > Openresty
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2021-06-01 | CVE-2021-23017 | Off-by-one Error vulnerability in multiple products A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | 7.7 |
| 2021-04-06 | CVE-2020-36309 | Unspecified vulnerability in Openresty Lua-Nginx-Module ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. | 5.0 |
| 2020-04-12 | CVE-2020-11724 | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in OpenResty before 1.15.8.4. | 5.0 |
| 2018-04-02 | CVE-2018-9230 | SQL Injection vulnerability in Openresty In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. | 9.8 |