Re: CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling

Ram Kumar Mahato Sun, 05 May 2024 21:46:01 -0700

ok

On Thu, 2 May 2024 at 15:00, YuanSheng Wang <membp...@apache.org> wrote:


> Severity: low
>
> Affected versions:
>
> - Apache APISIX 3.8.0, 3.9.0
>
> Description:
>
> Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
> vulnerability in Apache APISIX when using `forward-auth` plugin.
>
> This issue affects Apache APISIX: from 3.8.0, 3.9.0 .
>
> Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which
> fixes the issue.
>
> Credit:
>
> Discovered and reported by Brandon Arp and Bruno Green of Topsort.
>
> Regards.
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
>

Re: CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling

Reply via email to