Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
OpenResty Number Of NVD 4 CRITICAL 1 HIGH 3 MEDIUM 0 LOW 0
URL https://openresty.org/en/
Explanation OpenResty® is a full-fledged web platform that integrates an extended version of Nginx core, an extended version of LuaJIT, a number of carefully crafted Lua libraries, a number of high-quality third-party Nginx modules, and most of their external dependencies.
It is designed to make it easy for developers to build scalable web applications, web services, and dynamic web gateways.

Excerpted and translated from [https://openresty.org/en/
Tag
  • BSD License
  • 商用ライセンス有り
Add Information URL
No Type Name URL
1 https://github.com/openresty/openresty
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 Openresty 1.21.4 1.19.9.2 July 21, 2024 May 18, 2022 0 1 0 0
2 Openresty 1.19.3 1.29.2.3 March 25, 2026 Nov. 6, 2020 May 18, 2022 0 2 0 0
3 Openresty 1.17.8 1.17.8.2 July 13, 2020 July 4, 2020 Nov. 6, 2020 0 2 0 0
4 Openresty 1.15.8 1.15.8.3 March 20, 2020 May 16, 2019 July 4, 2020 0 3 0 0
5 Openresty 1.13.6 1.13.6.2 May 14, 2018 Nov. 13, 2017 May 16, 2019 1 3 0 0
6 Openresty 1.11.2 1.11.2.5 Aug. 17, 2017 Aug. 24, 2016 Aug. 24, 2016 1 3 0 0
7 Openresty 1.9.15 1.9.15.1 June 3, 2016 June 3, 2016 Aug. 24, 2016 1 3 0 0
8 Openresty 1.9.7 1.9.7.5 May 31, 2016 Dec. 25, 2015 June 3, 2016 1 3 0 0
9 Openresty 1.9.3 1.9.3.2 Dec. 23, 2015 Aug. 12, 2015 Dec. 25, 2015 1 3 0 0
10 Openresty 1.7.10 1.7.10.2 July 3, 2015 Feb. 28, 2015 Aug. 12, 2015 1 3 0 0
11 Openresty 1.7.7 1.7.7.2 Feb. 4, 2015 Dec. 6, 2014 Dec. 6, 2014 1 3 0 0
12 Openresty 1.7.4 1.7.4.1 Oct. 9, 2014 Oct. 9, 2014 Dec. 6, 2014 1 3 0 0
13 Openresty 1.7.2 1.7.2.1 July 12, 2014 July 12, 2014 Oct. 9, 2014 1 3 0 0
14 Openresty 1.7.0 1.7.0.1 June 7, 2014 June 7, 2014 June 7, 2014 1 3 0 0
15 Openresty 1.5.12 1.5.12.1 April 29, 2014 April 29, 2014 April 29, 2014 1 3 0 0
16 Openresty 1.5.11 1.5.11.1 March 30, 2014 March 30, 2014 April 29, 2014 1 3 0 0
17 Openresty 1.5.8 1.5.8.1 Jan. 10, 2014 Jan. 10, 2014 March 30, 2014 1 3 0 0
18 Openresty 1.4.3 1.4.3.9 Dec. 14, 2013 Oct. 29, 2013 Jan. 10, 2014 1 3 0 0
19 Openresty 1.4.2 1.4.2.9 Sept. 29, 2013 Aug. 11, 2013 Oct. 29, 2013 1 3 0 0
20 Openresty 1.2.8 1.2.8.6 June 10, 2013 April 26, 2013 Aug. 11, 2013 1 3 0 0
21 Openresty 1.2.7 1.2.7.6 July 17, 2013 Feb. 22, 2013 April 26, 2013 1 3 0 0
22 Openresty 1.2.6 1.2.6.6 Feb. 17, 2013 Jan. 4, 2013 Feb. 22, 2013 1 3 0 0
23 Openresty 1.2.4 1.2.4.14 Dec. 23, 2012 Oct. 14, 2012 Jan. 4, 2013 1 3 0 0
24 Openresty 1.2.3 1.2.3.8 Oct. 8, 2012 Aug. 22, 2012 Oct. 14, 2012 1 3 0 0
25 Openresty 1.2.1 1.2.1.14 Aug. 14, 2012 June 22, 2012 Aug. 22, 2012 1 3 0 0
26 Openresty 1.0.15 1.0.15.11 June 16, 2012 April 29, 2012 June 22, 2012 1 3 0 0
27 Openresty 1.0.11 1.0.11.28 March 25, 2012 Feb. 2, 2012 April 29, 2012 1 3 0 0
28 Openresty 1.0.10 1.0.10.48 Feb. 1, 2012 Nov. 16, 2011 Feb. 2, 2012 1 3 0 0
29 Openresty 1.0.9 1.0.9.10 Nov. 16, 2011 Nov. 8, 2011 Nov. 8, 2011 1 3 0 0
30 Openresty 1.0.8 1.0.8.26 Nov. 3, 2011 Oct. 11, 2011 Nov. 8, 2011 1 3 0 0
31 Openresty 1.0.6 1.0.6.22 Oct. 7, 2011 Sept. 8, 2011 Oct. 11, 2011 1 3 0 0
32 Openresty 1.1 1.1.13.1 Jan. 1, 2000 Jan. 1, 2000 Jan. 1, 2000 1 3 0 0
33 Openresty 0.8 0.8.54.9 Jan. 1, 2000 Jan. 1, 2000 Jan. 1, 2000 1 3 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 7.5
- 		HIGH
Network 		The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. NVD-CWE-noinfo
CVE-2023-44487 cpe:2.3:a:openresty:openresty:*:* 1.21.4.3 2025-03-8 04:15
2023-10-10 		Show GitHub Exploit DB Packet Storm
2 7.7
6.8 		HIGH
Network 		A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process cra… - CVE-2021-23017 cpe:2.3:a:openresty:openresty:*:* 1.19.3.2 2024-11-21 14:51
2021-06-1 		Show GitHub Exploit DB Packet Storm
3 7.5
5.0 		HIGH
Network 		An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. CWE-444
HTTP Request Smuggling 		CVE-2020-11724 cpe:2.3:a:openresty:openresty:*:* 1.15.8.4 2024-11-21 13:58
2020-04-13 		Show GitHub Exploit DB Packet Storm
4 9.8
7.5 		CRITICAL
Network 		In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote… CWE-89
SQL Injection 		CVE-2018-9230 cpe:2.3:a:openresty:openresty:*:* 1.13.6.1 2024-11-21 13:15
2018-04-3 		Show GitHub Exploit DB Packet Storm