An attacker can exploit multiple vulnerabilities in NGINX Plus and NGINX to conduct a Denial of Service attack, manipulate data, bypass security measures, and potentially execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
| nginx | nginx plus | — |
Updated description with additional details on data manipulation and security bypass, and added new tags for data manipulation and bypass security.
Updated description with new details about information disclosure and added CWE-200 and a new tag for information disclosure.
Updated description with more technical details and changed severity from MEDIUM to HIGH.
Updated description to include potential information disclosure and marked exploit availability and active exploitation as true.
Initial creation
