Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
12058333 by Salvatore Bonaccorso at 2025-04-24T16:10:39+02:00
Add CVE-2024-33452/lua-nginx-module
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -422,7 +422,12 @@ CVE-2024-53568 (A stored cross-site scripting (XSS)
vulnerability in the Image U
CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to
contain a sta ...)
NOT-FOR-US: NEXTU FLETA AX1500 WIFI6 Router
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before
allows a r ...)
- TODO: check
+ - libnginx-mod-http-lua 1:0.10.27-1
+ - nginx 1.22.0-3
+ NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a
separate package
+ NOTE:
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
+ NOTE:
https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/
+ NOTE:
https://github.com/openresty/lua-nginx-module/commit/e5248aa8203d3e0075822a577c1cdd19f5f1f831
(v0.10.27rc1)
CVE-2024-11299 (The Memberpress plugin for WordPress is vulnerable to
Sensitive Inform ...)
NOT-FOR-US: WordPress plugin
CVE-2023-44755 (Sacco Management system v1.0 was discovered to contain a SQL
injection ...)
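Review bot: The last added NOTE, the lua-nginx-module commit e5248aa8203d3e0075822a577c1cdd19f5f1f831 (v0.10.27rc1), is not labelled as the fix, so it reads as a third reference next to the PortSwigger and benasin.space links. If that commit is the upstream fix, mark it as such, for example "NOTE: Fixed by: https://github.com/openresty/lua-nginx-module/commit/e5248aa8203d3e0075822a577c1cdd19f5f1f831 (v0.10.27rc1)", so the 1:0.10.27-1 fixed version on the libnginx-mod-http-lua line can be traced to it. On the nginx line, 1.22.0-3 is the version where the http-lua module was removed from src:nginx rather than a version carrying a patch. The accompanying NOTE says this and should stay, since it is the only explanation of why src:nginx versions before 1.22.0-3 count as affected.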
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12058333a32e83de9539fa235c91c659b47aada1