CVE-2024-32638 – Apache APISIX: Forward-Auth Request Smuggling
https://notcve.org/view.php?id=CVE-2024-32638
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue. Vulnerabilidad de interpretación inconsistente de solicitudes HTTP ("contrabando de solicitudes HTTP") en Apache APISIX cuando se utiliza el complemento `forward-auth`. Este problema afecta a Apache APISIX: desde 3.8.0, 3.9.0. Se recomienda a los usuarios actualizar a la versión 3.8.1, 3.9.1 o superior, lo que soluciona el problema. • http://www.openwall.com/lists/oss-security/2024/05/02/2 https://lists.apache.org/thread/ngvgxllw4zn4hgngkqw2o225kf9wotov • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •