CVE-2020-36309

Published: 06 April 2021

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.

Priority

Low

CVSS 3 base score: 5.3

Status

Package Release Status
nginx
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.10 (Groovy Gorilla) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
The lua module is included in the debian directory as it is not
part of the upstream nginx release.
It is included in the nginx-extras binary package in universe.

References

Bugs