CVE-2024-31079 in nginx

Disclosed: 2024-07-01 08:41:08 By noentry To ibb

Medium

Vulnerability Details

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over. ## Impact An undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact.

Actions

View on HackerOne

Report Stats

Report ID: 2526051
State: Closed
Substate: resolved
Upvotes: 29

CVE-2024-31079 in nginx

Vulnerability Details

Actions

Report Stats

Share this report