216.73.217.139

CVE-2024-39702

· Published 23/07/2024 16:15 · Modified 23/07/2024 16:15

Labels: CVE-2024-39702 2024-07-23CVE-2024-39702[email protected]

Essential information

Published
23/07/2024 16:15
Modified
23/07/2024 16:15
Author
Creator
CISA KEV
No
CWE

Description

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT epository. is unaffected/

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References