Unrated severityNVD Advisory· Published Apr 6, 2021· Updated Nov 3, 2025
CVE-2020-36309
CVE-2020-36309
Description
ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- OpenResty/ngx_http_lua_moduledescription
Patches
Vulnerability mechanics
References
4- github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16mitrex_refsource_MISC
- github.com/openresty/lua-nginx-module/pull/1654mitrex_refsource_MISC
- news.ycombinator.com/itemmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210507-0005/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.