CVE-2019-20372
Frank Liu
gfrankliu at gmail.com
Mon Oct 5 22:25:31 UTC 2020
Hi,
CVE-2019-20372 mentioned a security vulnerability, but I don't see it in
http://nginx.org/en/security_advisories.html
CVE-2019-20372 did say a fix in nginx 1.17.7. When I check the CHANGES
<http://nginx.org/en/CHANGES-1.18>, I see bugfix:
*) Bugfix: requests with bodies were handled incorrectly when returning
redirections with the "error_page" directive; the bug had appeared in
0.7.12.
Are those the same thing from this commit
<https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e>?
Is this really a vulnerability? under what conditions?
Thanks!
Frank
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20201005/09f97283/attachment.htm>
More information about the nginx
mailing list