{"id":"CVE-2024-33452","details":"An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.","aliases":["BIT-openresty-2024-33452"],"modified":"2026-04-09T10:08:17.346587Z","published":"2025-04-22T16:15:44.200Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00026.html"},{"type":"EVIDENCE","url":"https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn"},{"type":"EVIDENCE","url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openresty/lua-nginx-module","events":[{"introduced":"0"},{"last_affected":"0e769b76432df91e5f10aa56a56858e8a190faf7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.10.26"}]}}],"versions":["v0.0.1","v0.0.10","v0.0.11","v0.0.12","v0.0.13","v0.0.14","v0.0.14rc1","v0.0.14rc2","v0.0.15","v0.0.16","v0.0.17","v0.0.18rc1","v0.0.18rc2","v0.0.1rc1","v0.0.1rc2","v0.0.1rc3","v0.0.1rc4","v0.0.1rc5","v0.0.1rc6","v0.0.1rc7","v0.0.1rc8","v0.0.1rc9","v0.0.2","v0.0.3","v0.0.4rc1","v0.0.5","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v0.1.0","v0.1.1","v0.1.2rc1","v0.1.2rc2","v0.1.2rc3","v0.1.2rc4","v0.1.3","v0.1.3rc1","v0.1.3rc2","v0.1.4","v0.1.4rc1","v0.1.4rc2","v0.1.5","v0.1.5rc1","v0.1.5rc2","v0.1.5rc3","v0.1.5rc4","v0.1.5rc5","v0.1.5rc6","v0.1.6rc1","v0.1.6rc10","v0.1.6rc11","v0.1.6rc12","v0.1.6rc13","v0.1.6rc14","v0.1.6rc15","v0.1.6rc16","v0.1.6rc17","v0.1.6rc2","v0.1.6rc3","v0.1.6rc4","v0.1.6rc5","v0.1.6rc6","v0.1.6rc7","v0.1.6rc8","v0.1.6rc9","v0.10.0","v0.10.0rc0","v0.10.1","v0.10.10","v0.10.11","v0.10.11rc1","v0.10.11rc2","v0.10.11rc3","v0.10.12","v0.10.12rc1","v0.10.12rc2","v0.10.13","v0.10.13rc1","v0.10.14","v0.10.14rc1","v0.10.14rc2","v0.10.14rc3","v0.10.14rc4","v0.10.14rc5","v0.10.14rc6","v0.10.14rc7","v0.10.15","v0.10.15rc1","v0.10.16","v0.10.16rc1","v0.10.16rc2","v0.10.16rc3","v0.10.16rc4","v0.10.16rc5","v0.10.17","v0.10.18","v0.10.18rc1","v0.10.18rc2","v0.10.18rc3","v0.10.18rc4","v0.10.19","v0.10.19rc1","v0.10.1rc0","v0.10.1rc1","v0.10.2","v0.10.20","v0.10.20rc1","v0.10.21rc1","v0.10.23rc1","v0.10.23rc2","v0.10.24","v0.10.24rc1","v0.10.26","v0.10.26rc1","v0.10.26rc2","v0.10.3","v0.10.4","v0.10.4rc1","v0.10.5","v0.10.6","v0.10.6rc1","v0.10.6rc2","v0.10.7","v0.10.8","v0.10.9","v0.10.9rc1","v0.10.9rc2","v0.10.9rc3","v0.10.9rc4","v0.10.9rc5","v0.10.9rc6","v0.10.9rc7","v0.10.9rc8","v0.10.9rc9","v0.2.1rc1","v0.2.1rc10","v0.2.1rc11","v0.2.1rc12","v0.2.1rc13","v0.2.1rc14","v0.2.1rc15","v0.2.1rc16","v0.2.1rc17","v0.2.1rc18","v0.2.1rc19","v0.2.1rc2","v0.2.1rc20","v0.2.1rc21","v0.2.1rc22","v0.2.1rc3","v0.2.1rc4","v0.2.1rc5","v0.2.1rc6","v0.2.1rc7","v0.2.1rc8","v0.2.1rc9","v0.3.1rc21","v0.3.1rc27","v0.3.1rc28","v0.3.1rc32","v0.3.1rc33","v0.3.1rc34","v0.3.1rc35","v0.3.1rc36","v0.3.1rc37","v0.3.1rc38","v0.3.1rc39","v0.3.1rc4","v0.3.1rc40","v0.3.1rc41","v0.3.1rc42","v0.3.1rc43","v0.3.1rc44","v0.3.1rc45","v0.3.1rc5","v0.3.1rc6","v0.3.1rc7","v0.3.1rc8","v0.3.1rc9","v0.4.0","v0.4.1","v0.4.1rc1","v0.4.1rc2","v0.4.1rc3","v0.4.1rc4","v0.5.0rc1","v0.5.0rc2","v0.5.0rc25","v0.5.0rc3","v0.5.0rc4","v0.5.0rc5","v0.6.1","v0.6.4","v0.6.5","v0.6.5rc1","v0.6.6","v0.6.6rc1","v0.7.11","v0.7.12","v0.7.12rc1","v0.7.13","v0.7.14","v0.7.14rc1","v0.7.14rc2","v0.7.15","v0.7.16","v0.7.17","v0.7.18","v0.7.19","v0.7.20","v0.7.21","v0.7.4","v0.7.5","v0.7.5rc1","v0.7.6","v0.7.6rc1","v0.7.6rc2","v0.7.8","v0.7.9","v0.8.0","v0.8.1","v0.9.10","v0.9.11","v0.9.12","v0.9.12rc1","v0.9.12rc2","v0.9.13","v0.9.13rc1","v0.9.14","v0.9.15","v0.9.16","v0.9.16rc1","v0.9.16rc2","v0.9.16rc3","v0.9.17","v0.9.17rc1","v0.9.18","v0.9.18rc1","v0.9.19","v0.9.20","v0.9.20rc1","v0.9.20rc2","v0.9.20rc3","v0.9.3","v0.9.4","v0.9.4rc1","v0.9.5","v0.9.5rc1","v0.9.5rc2","v0.9.6","v0.9.7","v0.9.8","v0.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-33452.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}]}