-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
nginx.html
108 lines (100 loc) · 5.87 KB
/
nginx.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<!doctype html>
<html lang="en-AU" xml:lang="en-AU" dir="ltr">
<head>
<meta charset="utf-8" />
<meta property="og:title" content="Vulnerability Charts – Nginx" />
<meta property="og:description" content="A chart of which Nginx versions are safe/unsafe, and their CVSS." />
<meta property="og:image" content="https://maikuolan.github.io/Vulnerability-Charts/vcharts.png" />
<meta property="og:url" content="https://maikuolan.github.io/Vulnerability-Charts/nginx.html" />
<link rel="stylesheet" href="styles.css" />
<title>Vulnerability Charts</title>
</head>
<body>
<div class="co"><div class="ci">
<hr />
<h1>Vulnerability Charts</h1>
<p><em>Last modified: <time datetime="2024-09.21">2024.09.21</time></em></p>
<p><em>
CVSS values listed are those of the highest scoring CVEs for any listed version.
The highest possible score is <span class="xr"><strong>10.0</strong></span>, indicating that a version is considered
to be <span class="xr"><strong>❌ extremely unsafe</strong></span>. The lowest possible score is
<span class="xg"><strong>0.0</strong></span>, indicating that a version is <strong><em>currently</em></strong>
considered to be <span class="xg"><strong>✔️ safe</strong></span> (although, other designations are possible,
depending on other factors, such as whether the product has reached EoL, is still actively supported, is still under
development and therefore whether it's ready to be used in a production environment and etc).<br />
<br />
Versions will also be marked as either <span class="xg"><strong>✔️ safe</strong></span> or
<span class="xr"><strong>❌ unsafe</strong></span> accordingly, or as
<span class="xb"><strong>➖ in development</strong></span> (versions marked as in development may be safe, but aren't
yet considered to be ready for a production environment, or may have a changing codebase, which therefore can't yet
be predicated as either safe or unsafe), or as <span class="xo"><strong>〰️ disputed</strong></span> (CVEs exist, and
there are sources which identify the version as unsafe, but the CVE or unsafe designation may be disputed, either by
the vendor itself or alternative sources).<br />
<br />
Please note that a <span class="xg"><strong>✔️ safe</strong></span> designation does <span class="xr"><strong>NOT</strong></span> mean that the designated versions are <strong>free from bugs and errors</strong>!
When a new "patch release" becomes available, in general, these patch releases rectify various problems, bugs and so forth which could be encountered when using outdated versions from prior to the particular patch release.
As such, using the latest version for any particular branch is always advised in favour of using older, outdated versions.<br />
<br />
If you find any errors, would like to add to the list or make some changes, please send a pull request to the <a href="https://github.com/Maikuolan/Vulnerability-Charts">GitHub repository</a> for this page.<br />
Licensing (for this repository): <a href="https://github.com/Maikuolan/Vulnerability-Charts/blob/gh-pages/LICENSE.txt">MIT License</a> (feel free to copy and adapt it if you want).
</em></p>
<hr />
<table>
<tr>
<td colspan="2"></td>
<td class="h1t">CVSS</td>
<td class="h1">Safe?</td>
<td class="h1">Notes</td>
</tr>
<tr>
<td class="h1l" rowspan="7"><span class="tb"><a href="https://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/Nginx-Nginx.html">Nginx versions</a></span></td>
<td class="h2">Nginx 1.27.1<br /><small>(2024.08.14)</small></td>
<td class="h2"><span class="xg">0.0</span></td>
<td class="h2"><span class="xg">✔️</span></td>
<td class="h2">(<a href="http://nginx.org/en/download.html">1.27.1</a> is the current latest version).</td>
</tr>
<tr>
<td class="h2">Nginx 1.27.0<br /><small>(2024.05.29)</small></td>
<td class="h2"><span class="xo">5.7</span></td>
<td class="h2"><span class="xo">❌</span></td>
<td class="h2"><small>See: <a href="https://github.com/advisories/GHSA-3r23-64c4-mj87">GHSA-3r23-64c4-mj87/CVE-2024-7347</a></small></td>
</tr>
<tr>
<td class="h2">Nginx 1.25.4 – 1.26.1<br /><small>(2024.02.14 – 2024.05.29)</small></td>
<td class="h2"><span class="xo">6.5</span></td>
<td class="h2"><span class="xo">❌</span></td>
<td class="h2"><small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-32760">CVE-2024-32760</a></small></td>
</tr>
<tr>
<td class="h2">Nginx 1.23.2 – 1.25.3<br /><small>(2022.10.19 – 2023.10.24)</small></td>
<td class="h2"><span class="xr">7.5</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2"><small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-24989">CVE-2024-24989</a>, <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-24990">CVE-2024-24990</a></small></td>
</tr>
<tr>
<td class="h2">Nginx 1.20.1 – 1.23.1<br /><small>(2021.05.25 – 2022.07.19)</small></td>
<td class="h2"><span class="xr">7.8</span></td>
<td class="h2"><span class="xr">❌</span></td>
<td class="h2">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-41741">CVE-2022-41741</a></small>
</td>
</tr>
<tr>
<td class="h2 eol">Nginx 1.0.0 – 1.20.0<br /><small>(2011.04.12 – 2021.04.20)</small></td>
<td class="h2 eol"><span class="xr">9.4</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol">
<small>See: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23017">CVE-2021-23017</a>, <a href="http://nginx.org/en/security_advisories.html">nginx security advisories</a></small>
</td>
</tr>
<tr>
<td class="h2 eol">Nginx < 1.0.0<br /><small>(< 2011.04.12)</small></td>
<td class="h2 eol"><span class="xr">9.4~9.8</span></td>
<td class="h2 eol"><span class="xr">❌</span></td>
<td class="h2 eol"></td>
</tr>
</table>
<hr />
</div></div>
</body>
</html>