Description

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

Remediation

References

CVE-2020-11724

Related Vulnerabilities

WordPress Plugin Shantz WordPress QOTD Cross-Site Request Forgery (1.2.2)

WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)

Ruby on Rails Other Vulnerability (CVE-2021-22904)

phpMyFAQ Improper Privilege Management Vulnerability (CVE-2023-1762)

WordPress Plugin Bitcoin/Altcoin Faucet Cross-Site Request Forgery (1.6.0)

Severity

High

Classification

CVE-2020-11724 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities