Home

Description

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

PUBLISHED Reserved 2024-04-23 | Published 2025-04-22 | Updated 2025-11-03 | Assigner mitre

References

lists.debian.org/debian-lts-announce/2025/06/msg00026.html

portswigger.net/...p-desync-attacks-request-smuggling-reborn

www.benasin.space/...TTP-Request-Smuggling-in-HEAD-requests/

cve.org (CVE-2024-33452)

nvd.nist.gov (CVE-2024-33452)

Download JSON