Control: tags -1 + confirmed On Sun, 2025-08-31 at 09:46 +0200, Jan Mojzis wrote: > An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a > remote attacker to conduct HTTP request smuggling via a crafted HEAD > request. > CVE-2024-33452. > > [ Reason ] > When processing HTTP/1.1 requests, lua-nginx-module incorrectly > parses HEAD requests with a body and treats the body as the new > separate request.
Please go ahead; sorry for the delay. Regards, Adam
