Description
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import Woocommerce Cross-Site Scripting (1.0.1)
WordPress Plugin CiviCRM Multiple Cross-Site Scripting Vulnerabilities (5.35.0)
Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379)
MySQL CVE-2020-14633 Vulnerability (CVE-2020-14633)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)