Hacker News

neomantra today at 5:56 PM

The official F5 page is here: https://my.f5.com/manage/s/article/K000161019

As noted elsewhere, ASLR protects you. While you are waiting for your affected platform to get the fix, they note the mitigation:

"use named captures instead of unnamed captures in rewrite definition"

"To mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section"

F5 patched 1.31.0 and 1.30.1.

OpenResty has a patch for 1.27 and 1.29: https://github.com/openresty/openresty/commit/ee60fb9cf645c9...

You can track OpenResty's (a Lua application server based on Nginx) progress here: https://github.com/openresty/openresty/issues/1119
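Added example, not part of the comment above or of F5's advisory: a small Python check that lists `rewrite` directives whose replacement still uses unnamed captures (`$1`, `$2`, ...), which is the pattern the quoted mitigation says to replace with named captures. The sample config, its paths and its regexes are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample config (not from the advisory): one rewrite with unnamed
# captures, one already converted to named captures, one commented out.
SAMPLE_CONF = r"""
server {
    location /a {
        rewrite ^/users/([0-9]+)/(\w+)$ /profile?id=$1&section=$2 last;
    }
    location /b {
        rewrite ^/users/(?<user_id>[0-9]+)/(?<section>\w+)$ /profile?id=$user_id&section=$section last;
    }
    # rewrite ^/old/(.*)$ /new/$1 permanent;
}
"""

# One token is a double-quoted string, a single-quoted string, or a bare word.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[^\s;]+')
# Unnamed (numbered) capture references: $1 .. $9.
NUMBERED = re.compile(r"\$([1-9])")


def find_unnamed_capture_rewrites(conf_text):
    """Return (line_no, regex, replacement, capture_numbers) for each flagged rewrite.

    Simplification: assumes one directive per line with `rewrite` as its first
    token, so multi-line directives and `if (...) { rewrite ...; }` one-liners
    are not covered.
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # skip commented-out directives
        tokens = TOKEN.findall(stripped)
        if len(tokens) < 3 or tokens[0] != "rewrite":
            continue
        regex, replacement = tokens[1], tokens[2]
        used = sorted({int(n) for n in NUMBERED.findall(replacement)})
        if used:
            findings.append((line_no, regex, replacement, used))
    return findings


if __name__ == "__main__":
    for line_no, regex, replacement, used in find_unnamed_capture_rewrites(SAMPLE_CONF):
        refs = ", ".join(f"${n}" for n in used)
        print(f"line {line_no}: replacement {replacement} uses {refs}; regex {regex}")
```

To audit a real deployment, pass it the text of each config file, including any files pulled in with `include`.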