CVE-2024-39702


In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository is unaffected.


Published

2024-07-23T16:15:05.557

Last Modified

2025-09-24T14:20:34.233

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-407

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openresty | openresty | < 1.19.9.2 | Yes |
| Application | openresty | openresty | < 1.21.4.4 | Yes |
| Application | openresty | openresty | 1.25.3.1 | Yes |
