Vulnerabilities > Openresty

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2021-06-01 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
network
high complexity
f5 openresty fedoraproject netapp oracle
7.7
2021-04-06 CVE-2020-36309 Unspecified vulnerability in Openresty Lua-Nginx-Module
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
network
low complexity
openresty
5.3
2020-04-12 CVE-2020-11724 HTTP Request Smuggling vulnerability in multiple products
An issue was discovered in OpenResty before 1.15.8.4.
network
low complexity
openresty debian CWE-444
7.5
2018-04-02 CVE-2018-9230 SQL Injection vulnerability in Openresty
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products.
network
low complexity
openresty CWE-89
critical
9.8