CVE-2019-20372

Frank Liu gfrankliu at gmail.com
Mon Oct 5 22:25:31 UTC 2020


Hi,

CVE-2019-20372 mentioned a security vulnerability, but I don't see it in
http://nginx.org/en/security_advisories.html
CVE-2019-20372 did say a fix in nginx 1.17.7.  When I check the CHANGES
<http://nginx.org/en/CHANGES-1.18>, I see bugfix:

    *) Bugfix: requests with bodies were handled incorrectly when returning
       redirections with the "error_page" directive; the bug had appeared in
       0.7.12.

Are those the same thing from this commit
<https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e>?
Is this really a vulnerability? under what conditions?

Thanks!
Frank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20201005/09f97283/attachment.htm>


More information about the nginx mailing list