ngx_http_lua_module is vulnerable to authentication bypass. The vulnerability exists because it doesn’t properly restrict the user inputs which allows an attacker to insert unsafe characters in an argument when using the API to mutate a URI, or a request or response header.