Return to CVE list

CVE-2024-33452

7.7
Critical

CVE-2024-33452

cve@mitre.org
Awaiting Analysis
View on MITREFind on GitHub

Description

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

Exploits

No known exploits found for this CVE.

Search Exploit-DB

References

cve@mitre.org
https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
cve@mitre.org
https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/