Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-33452

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

Published

2025-04-22T16:15:44.200

Last Modified

2025-11-03T20:16:12.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openresty	lua-nginx-module	≤ 0.10.26	Yes

References

https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn Exploit, Third Party Advisory ([email protected])
https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/ Exploit, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2025/06/msg00026.html (af854a3a-2127-422b-91ae-364da2661108)