ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Lua-nginx-module |
Openresty |
* |
0.10.16 (excluding) |
References