CVE-2018-19991

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19991

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-19991.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-19991

Published

2018-12-10T00:29:00.200Z

Modified

2025-11-14T08:28:52.632568Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for geturiargs or getpostargs) to block the API misuse described in CVE-2018-9230.

References

https://github.com/alexazhou/VeryNginx/issues/218

Affected packages

Git / github.com/alexazhou/verynginx

Affected ranges

Type: GIT
Repo: https://github.com/alexazhou/verynginx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

cc56772325866d713088558f2bb30f540e2b281d

Affected versions

V0.*

V0.1-beta1

v0.*

v0.1-beta2

v0.1-beta3

v0.1-beta4

v0.2

v0.2-beta1

v0.2-beta2

v0.2-beta3

v0.2-beta4

v0.2-beta5

v0.2-beta6

v0.2.1

v0.3

v0.3.1

v0.3.2

v0.3.3