CVE-2019-20372

Frank Liu Mon, 05 Oct 2020 15:26:13 -0700

Hi,

CVE-2019-20372 mentioned a security vulnerability, but I don't see it in
http://nginx.org/en/security_advisories.html
CVE-2019-20372 did say a fix in nginx 1.17.7.  When I check the CHANGES
<http://nginx.org/en/CHANGES-1.18>, I see bugfix:


    *) Bugfix: requests with bodies were handled incorrectly when returning
       redirections with the "error_page" directive; the bug had appeared in
       0.7.12.

Are those the same thing from this commit
<https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e>?
Is this really a vulnerability? under what conditions?

Thanks!
Frank

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

CVE-2019-20372

Reply via email to