CVE-2020-11724

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.
HTTP Request/Response Smuggling
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
openrestyopenresty
𝑥
< 1.15.8.4
debiandebian_linux
9.0
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nginx
bullseye (security)
1.18.0-6.1+deb11u3
fixed
bullseye
1.18.0-6.1+deb11u3
fixed
bookworm
1.22.1-9
fixed
sid
1.26.0-3
fixed
trixie
1.26.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nginx
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
Fixed 1.18.0-0ubuntu1.3
released
eoan
ignored
bionic
Fixed 1.14.0-0ubuntu1.10
released
xenial
Fixed 1.10.3-0ubuntu0.16.04.5+esm4
released
trusty
needed
Common Weakness Enumeration
References
https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa
https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html
https://security.netapp.com/advisory/ntap-20210129-0002/
https://www.debian.org/security/2020/dsa-4750
https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa
https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch
https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html
https://security.netapp.com/advisory/ntap-20210129-0002/
https://www.debian.org/security/2020/dsa-4750