OpenResty ngx_http_lua_module Vulnerability in API URI Handling
CVE-2020-36309
5.3MEDIUM
What is CVE-2020-36309?
The ngx_http_lua_module, a component of OpenResty, is subject to a vulnerability where it does not properly validate input. Specifically, before version 0.10.16, the module allows for unsafe characters in arguments used to alter a URI or headers in HTTP requests and responses. This can lead to various security issues, including potential injection attacks, as the module fails to sanitize the input properly.
