HTTP Request Smuggling Vulnerability in OpenResty lua-nginx-module by OpenResty
CVE-2024-33452

7.7HIGH

Key Information:

Vendor

OpenResty

Vendor
CVE Published:
22 April 2025

What is CVE-2024-33452?

The OpenResty lua-nginx-module versions up to 0.10.26 are susceptible to a vulnerability that enables remote attackers to perform HTTP request smuggling attacks. This occurs through the manipulation of a crafted HEAD request, which can allow attackers to bypass security controls and lead to unauthorized access or data exposure. Addressing this vulnerability is crucial for maintaining the integrity and security of web applications utilizing the affected OpenResty module.

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.