Comment Turn off transponder or send false data (Score 1) 85
This system requires trust.
According to the bug report:
The regexp in `fastcgi_split_path_info` directive can be broken using the newline character (in encoded form, %0a). Broken regexp leads to empty PATH_INFO, which triggers the bug.
According to NGINX documentation:
If the directive is specified with if_not_empty (1.1.11) then such a parameter will be passed to the server only if its value is not empty:
So this line in your configuration should prevent the problem in older versions of NGINX:
fastcgi_param PATH_INFO $fastcgi_path_info if_not_empty;
The price one pays for pursuing any profession, or calling, is an intimate knowledge of its ugly side. -- James Baldwin