[Git][security-tracker-team/security-tracker][master] CVE-2020-36309/nginx,libnginx-mod-http-lua: add context
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Mon Jun 23 19:51:10 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bcaceebb by Sylvain Beucler at 2025-06-23T20:51:02+02:00
CVE-2020-36309/nginx,libnginx-mod-http-lua: add context
"Breaking GitHub Private Pages for $35k"
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -349464,6 +349464,8 @@ CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in Ope
[bullseye] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
[buster] - nginx <ignored> (Minor issue, too intrusive to backport, see #986787)
[stretch] - nginx <postponed> (Minor issue; can be fixed in next update)
+ NOTE: https://news.ycombinator.com/item?id=26709159
+ NOTE: https://robertchen.cc/blog/2021/04/03/github-pages-xss
NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcaceebba8d83820ae853620aa94e0f523595bf9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bcaceebba8d83820ae853620aa94e0f523595bf9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250623/74891e49/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list