[Git][security-tracker-team/security-tracker][master] Add CVE-2024-33452/lua-nginx-module
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 24 15:11:17 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12058333 by Salvatore Bonaccorso at 2025-04-24T16:10:39+02:00
Add CVE-2024-33452/lua-nginx-module
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -422,7 +422,12 @@ CVE-2024-53568 (A stored cross-site scripting (XSS) vulnerability in the Image U
CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a sta ...)
NOT-FOR-US: NEXTU FLETA AX1500 WIFI6 Router
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
- TODO: check
+ - libnginx-mod-http-lua 1:0.10.27-1
+ - nginx 1.22.0-3
+ NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
+ NOTE: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
+ NOTE: https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/
+ NOTE: https://github.com/openresty/lua-nginx-module/commit/e5248aa8203d3e0075822a577c1cdd19f5f1f831 (v0.10.27rc1)
CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to Sensitive Inform ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL injection ...)
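Review bot: On the `- nginx 1.22.0-3` line, the listed version is the upload where the http-lua module left src:nginx, not one that carries the upstream fix, and the NOTE beneath it only implies this. Consider wording that NOTE so it says so outright, for example that older src:nginx versions ship the module and that 1.22.0-3 is listed because the code was split into a separate package. The PortSwigger NOTE is a general research link with no stated relation to this CVE; a short hint on how it connects to the HEAD request smuggling issue named in the benasin.space URL would help anyone triaging from the list alone.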
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12058333a32e83de9539fa235c91c659b47aada1