Описание
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0.
Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:apisix:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apisix:3.9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00266
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-444
CWE-444
Связанные уязвимости
CVSS3: 6.3
github
почти 2 года назад
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.
EPSS
Процентиль: 50%
0.00266
Низкий
6.3 Medium
CVSS3
Дефекты
CWE-444
CWE-444