[Pkg-nginx-maintainers] Bug#964950: nginx: CVE-2020-11724
Sylvain Beucler
beuc at beuc.net
Mon Jul 13 10:01:57 BST 2020
Package: nginx
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for ngx_lua.
CVE-2020-11724[0]:
| ngx_http_lua_subrequest.c allows HTTP request smuggling, as
| demonstrated by the ngx.location.capture API.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724
Cheers!
Sylvain Beucler
Debian LTS Team
More information about the Pkg-nginx-maintainers
mailing list