Your submission was sent successfully! Close

CVE-2020-11724

Published: 12 April 2020

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nginx
Launchpad, Ubuntu, Debian
bionic
Released (1.14.0-0ubuntu1.10)
eoan Ignored
(reached end-of-life)
focal
Released (1.18.0-0ubuntu1.3)
groovy Not vulnerable
(1.18.0-6ubuntu2)
hirsute Not vulnerable
(1.18.0-6ubuntu2)
impish Not vulnerable
(1.18.0-6ubuntu2)
jammy Not vulnerable
(1.18.0-6ubuntu2)
precise Does not exist

trusty Needs triage

upstream
Released (1.18.0-5)
xenial Needed