PT-2021-11997 · Unknown+3 · Ngx Http Lua Module+3
Published
2021-04-06
·
Updated
2025-06-24
·
CVE-2020-36309
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
ngx http lua module (aka lua-nginx-module) versions prior to 0.10.16
Description:
The issue allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
Recommendations:
For versions prior to 0.10.16, update to version 0.10.16 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Linuxmint
Ubuntu
Ngx Http Lua Module