CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0CVE-2022-29266 – apisix/jwt-auth may leak secrets in error response
https://notcve.org/view.php?id=CVE-2022-29266
20 Apr 2022 — In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. En APache APISIX antes de la versión 3.13.1, el plugin jwt-auth tiene un problema de seguridad que filtra la clave secreta del usuario porque el mensaje de error devuelto por la dependencia lua-resty-jwt contiene información sensible • http://www.openwall.com/lists/oss-security/2022/04/20/1 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-25757 – Apache APISIX: the body_schema check in request-validation plugin can be bypassed
https://notcve.org/view.php?id=CVE-2022-25757
28 Mar 2022 — In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream applicatio... • http://www.openwall.com/lists/oss-security/2022/03/28/2 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 94%CPEs: 2EXPL: 15CVE-2022-24112 – Apache APISIX Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-24112
11 Feb 2022 — An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its... • https://packetstorm.news/files/id/166328 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 47%CPEs: 1EXPL: 3CVE-2021-43557 – Path traversal in request_uri variable
https://notcve.org/view.php?id=CVE-2021-43557
22 Nov 2021 — The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. • https://github.com/xvnpw/k8s-CVE-2021-43557-poc • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 94%CPEs: 1EXPL: 5CVE-2020-13945 – Apache APISIX Remote Code Execution
https://notcve.org/view.php?id=CVE-2020-13945
07 Dec 2020 — In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. En Apache APISIX, el usuario habilitó la API de administración y eliminó las reglas de restricción de IP de acceso de la API de administración. Finalmente, el token predeterminado puede acceder a los datos de administración de APISIX. • https://packetstorm.news/files/id/166228 •