PT-2023-29548 · Daurnimator+1 · Lua-Http+1

Artur Łącki +1 · Published 2023-09-05 · Updated 2024-10-10 · CVE-2023-4540

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

lua-http versions before commit ddab283

Description

The issue is an Improper Handling of Exceptional Conditions vulnerability in the Daurnimator lua-http library. It allows Excessive Allocation and a denial of service (DoS) when a specially crafted request is sent to the server. Such a request causes the program to enter an infinite loop.

Recommendations

If you run a lua-http version before commit ddab283, update to a version after commit ddab283 to resolve the issue. As a temporary workaround, consider restricting access to the lua-http library to minimize the risk of exploitation. Avoid using the library until the issue is resolved.

Fix

DoS

Improper Handling of Exceptional Conditions

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2023-4540

Affected Products

Debian
Lua-Http