CVE-2024-39702

Medium · DDoS

Published: 23 July 2024

Modified: 24 September 2025
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0052 (67.3th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-39702 is a medium-severity Inefficient Algorithmic Complexity (CWE-407) vulnerability in OpenResty. Its CVSS base score is 5.9 (Medium).

Operationally, it ranks in the top 32.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via crafted requests, potentially leading to a denial of service with relatively few incoming requests. This vulnerability only exists in the OpenResty fork in the openresty/luajit2 GitHub repository. The LuaJIT/LuaJIT repository is unaffected.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

openresty
openresty
1.25.3.1 · 1.19.3.1 — 1.19.9.2 · 1.21.4.1 — 1.21.4.4

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-407

Addresses inefficient algorithms whose complexity can be exploited for DoS.
