Vulnerabilities
HTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638)
For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows APISIX to trigger illegal requests (HTTP Request Smuggling).
Vulnerabilities
The Vulnerability of Leaking Information in Error Response from jwt-auth Plugin (CVE-2022-29266)
In APISIX 2.13.0 and previous versions, there is a problem of information leakage caused by the jwt-auth plugin.
Vulnerabilities
Apache APISIX Vulnerability for Rewriting X-REAL-IP Header (CVE-2022-24112)
In versions prior to Apache APISIX 2.12.1, there is a risk of rewriting X-REAL-IP header after enabling the Apache APISIX batch-requests plug-in. Now the processing information will be announced.
Vulnerabilities
Apache APISIX Dashboard Unauthorized Access Vulnerability Announcement (CVE-2021-45232)
There is a security vulnerability of unauthorized access in Apache APISIX Dashboard 2.7-2.10, and the processing information will be announced.
Vulnerabilities
Apache APISIX Path traversal in request_uri variable (CVE-2021-43557)
In versions prior to Apache APISIX 2.10.2, there was a problem of "bypassing partial restrictions" that caused the risk of path traversal by using the $request_uri variable in Apache APISIX Ingress ...
Vulnerabilities
APISIX Dashboard Access Control Bypass Vulnerability Advisory (CVE-2021-33190)
Because the application makes access control determinations by obtaining the value of the request header X-Forwarded-For, an attacker can achieve an access control bypass attack by simply tampering with that request header when invoking the API request.
Vulnerabilities
Apache APISIX not affected by NGINX CVE-2021-23017
On May 26, NGINX issued a security announcement that fixed a DNS resolver vulnerability (CVE-2021-23017) in the NGINX resolver.
Vulnerabilities
Apache APISIX Contributor Interview | Pengcheng Wang from PricewaterhouseCoopers
Recently, Pengcheng Wang, a senior security consultant from PwC's South China Data Security and Privacy team, reported the first CVE for Apache APISIX to the National Information Security Vulnerabilit...