Am I right in interpreting this as only a vulnerability if you use Nginx to proxy to an untrusted server (i.e. not yours) where specially formatted responses can compromise your Nginx?
It would seem to me that this is a particularly rare use case of nginx?
I suppose shared web hosts and services like CloudFlare are the types of implementation that may be affected.
Yes but this can be exploited if a trusted backend server (which is much more common) gets compromised. Basically if you have nginx in front of Node and you manage to execute arbitrary code in Node you could use this as an attack vector to compromise nginx which could act as a front-end to a whole lot of other things.
It would seem to me that this is a particularly rare use case of nginx?
I suppose shared web hosts and services like CloudFlare are the types of implementation that may be affected.