CVE-2024-33452

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
CVSS

No CVSS.

References
Link Resource
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn Exploit Third Party Advisory
https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:openresty:lua-nginx-module:*:*:*:*:*:*:*:*
History

23 Jun 2025, 18:20

Type Values Removed Values Added
CPE cpe:2.3:a:openresty:lua-nginx-module:*:*:*:*:*:*:*:*
First Time Openresty
Openresty lua-nginx-module
References () https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn - () https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn - Exploit, Third Party Advisory
References () https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/ - () https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/ - Exploit, Third Party Advisory

22 Apr 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-22 16:15

Updated : 2025-06-23 18:20

NVD link : CVE-2024-33452

Mitre link : CVE-2024-33452

JSON object : View

Products Affected

openresty

  • lua-nginx-module
CWE

No CWE.