Description
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking Calendar Contact Form Cross-Site Scripting (1.0.24)
WordPress Plugin Media Library Assistant Multiple Cross-Site Scripting Vulnerabilities (2.73)
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1834)