VDB

CVE-2024-39702

CVE-2024-39702 PUBLISHED CVSS 5.900000095367432 MEDIUM

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.

EPSS 0.52% · 67.2th percentile

Risk Scores

CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.52%
67.2th percentile

Affected Products

VendorProductVersions
n/an/a*
openrestyopenresty1.21.4.1, 1.25.3.1, 1.19.3.1

Timeline

  • Jul 23, 2024 CVE Published
  • Jul 24, 2024 EPSS Score
  • Aug 15, 2024 EPSS Score
  • Sep 5, 2024 EPSS Score
  • Sep 27, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 18, 2024 EPSS Score
  • Nov 26, 2024 CVE Updated
  • Nov 30, 2024 EPSS Score
  • Dec 23, 2024 EPSS Score
  • Jan 13, 2025 EPSS Score
  • Jan 21, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›