Openresty Lua-nginx-module — known CVE vulnerabilities
Every CVE whose affected-product data names Openresty Lua-nginx-module, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2024-33452 — CVSS 7.7 (high): An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD…
CVE-2020-36309 — CVSS 5.3 (medium): ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate…