OpenResty · OpenResty · CVE-2024-39702
**Name of the Vulnerable Software and Affected Versions**
OpenResty versions 1.19.3.1 through 1.25.3.1
**Description**
The string hashing function in OpenResty allows HashDoS (Hash Denial of Service) attacks, in which crafted requests cause excessive resource usage during proxy operations. This can lead to a denial of service with relatively few incoming requests. The issue exists in OpenResty's LuaJIT fork (the openresty/luajit2 GitHub repository); the LuaJIT/LuaJIT repository is unaffected.
**Recommendations**
For OpenResty versions 1.19.3.1 through 1.25.3.1, consider disabling the string hashing function used during string interning as a temporary workaround until a patch is available. Restrict access to proxy operations to minimize the risk of exploitation. Avoid using crafted requests that could trigger the HashDoS attack.