CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32638 – Apache APISIX: Forward-Auth Request Smuggling
https://notcve.org/view.php?id=CVE-2024-32638
02 May 2024 — Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue. Vulnerabilidad de interpretación inconsistente de solicitudes HTTP ("contrabando de solicitudes HTTP") en Apache APISIX cuando se utiliza el complemento `forward-auth`. Este problema afecta a Apache APISIX: desde 3.8.0, 3.9.0. Se re... • http://www.openwall.com/lists/oss-security/2024/05/02/2 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-2022-29266 – apisix/jwt-auth may leak secrets in error response
https://notcve.org/view.php?id=CVE-2022-29266
20 Apr 2022 — In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. En APache APISIX antes de la versión 3.13.1, el plugin jwt-auth tiene un problema de seguridad que filtra la clave secreta del usuario porque el mensaje de error devuelto por la dependencia lua-resty-jwt contiene información sensible • http://www.openwall.com/lists/oss-security/2022/04/20/1 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25757 – Apache APISIX: the body_schema check in request-validation plugin can be bypassed
https://notcve.org/view.php?id=CVE-2022-25757
28 Mar 2022 — In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream applicatio... • http://www.openwall.com/lists/oss-security/2022/03/28/2 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 94%CPEs: 2EXPL: 15CVE-2022-24112 – Apache APISIX Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-24112
11 Feb 2022 — An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its... • https://packetstorm.news/files/id/166328 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 93%CPEs: 1EXPL: 11CVE-2021-45232 – security vulnerability on unauthorized access.
https://notcve.org/view.php?id=CVE-2021-45232
27 Dec 2021 — In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication. En Apache APISIX Dashboard versiones anteriores a 2.10.1, la API del Administrador usa dos frameworks e introduce el framework "droplet" sobre la base del framework "gin", todas las APIs y ... • https://github.com/GYLQ/CVE-2021-45232-RCE • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 47%CPEs: 1EXPL: 3CVE-2021-43557 – Path traversal in request_uri variable
https://notcve.org/view.php?id=CVE-2021-43557
22 Nov 2021 — The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. • https://github.com/xvnpw/k8s-CVE-2021-43557-poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2021-33190 – Bypass network access control
https://notcve.org/view.php?id=CVE-2021-33190
08 Jun 2021 — In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1 En Apache APISIX Dashboard versión 2.6, hem... • http://www.openwall.com/lists/oss-security/2021/06/08/4 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 6.5EPSS: 94%CPEs: 1EXPL: 5CVE-2020-13945 – Apache APISIX Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-13945
07 Dec 2020 — In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. En Apache APISIX, el usuario habilitó la API de administración y eliminó las reglas de restricción de IP de acceso de la API de administración. Finalmente, el token predeterminado puede acceder a los datos de administración de APISIX. • https://packetstorm.news/files/id/166228 •