HTTP Request Smuggling Vulnerability in OpenResty by OpenResty
CVE-2020-11724
7.5HIGH
What is CVE-2020-11724?
A vulnerability has been identified in OpenResty prior to version 1.15.8.4, specifically within the ngx_http_lua_subrequest.c component. This flaw allows for HTTP request smuggling, providing potential exploitation avenues through the ngx.location.capture API. By manipulating HTTP headers, an attacker could potentially send malformed requests that mislead the server's handling of subsequent requests, posing risks to application integrity and security.
