Description
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-1998 Vulnerability (CVE-2021-1998)
WordPress Plugin WP Munich Blocks-Gutenberg Blocks for WordPress Security Bypass (0.7.2)
WordPress Plugin WP-Stats 'author' Parameter SQL Injection (2.0)
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
WordPress Plugin Google XML Sitemap for Images Cross-Site Request Forgery (2.1.3)