vulnerability

Ubuntu: (Multiple Advisories) (CVE-2020-11724): nginx vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Apr 12, 2020	Apr 13, 2022	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Apr 12, 2020

Added

Apr 13, 2022

Modified

Aug 18, 2025

Description

An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API.

Solutions

ubuntu-pro-upgrade-libnginx-mod-http-luaubuntu-pro-upgrade-nginx-coreubuntu-pro-upgrade-nginx-extrasubuntu-pro-upgrade-nginx-fullubuntu-pro-upgrade-nginx-light

References

CVE-2020-11724
https://attackerkb.com/topics/CVE-2020-11724
CWE-444
DEBIAN-DSA-4750
NVD-CVE-2020-11724
UBUNTU-USN-5371-1
UBUNTU-USN-5371-2
UBUNTU-USN-5371-3

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today