VDB
CVE-2024-39702
CVE-2024-39702
PUBLISHED
CVSS 5.900000095367432 MEDIUM
In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository. is unaffected.
EPSS 0.52% · 67.2th percentile
Risk Scores
CVSS 3.1
5.900000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.52%
67.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| openresty | openresty | 1.21.4.1, 1.25.3.1, 1.19.3.1 |
Timeline
- Jul 23, 2024 CVE Published
- Jul 24, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
- Sep 5, 2024 EPSS Score
- Sep 27, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 18, 2024 EPSS Score
- Nov 26, 2024 CVE Updated
- Nov 30, 2024 EPSS Score
- Dec 23, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Jan 21, 2025 Coalition ESS Score