Releases62
Frequency2 months 1 week
Last Release
Stars13.3K
A distribution of Nginx with some advanced features

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
7.5 HIGH

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

= 2.2.27.5 HIGH

The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.

= 1.05.5 MEDIUM4.3 MEDIUM

The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far.