| ▲ | neomantra 6 hours ago | |
The official F5 page is here: https://my.f5.com/manage/s/article/K000161019 As noted elsewhere, ASLR protects you. While you are waiting for your affected platform to get the fix, they note the mitigation: "use named captures instead of unnamed captures in rewrite definition" "To mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section" F5 patched 1.31.0 and 1.30.1. OpenResty has a patch for 1.27 and 1.29: https://github.com/openresty/openresty/commit/ee60fb9cf645c9... You can track OpenResty's (a Lua application server based on Nginx) progress here: https://github.com/openresty/openresty/issues/1119 | ||