membphis commented on code in PR #1796:
URL: https://github.com/apache/apisix-website/pull/1796#discussion_r1590479433


##########
blog/en/blog/2024/05/02/cve-2024-32638.md:
##########
@@ -1,36 +1,37 @@
 ---
-title: "Forward-Auth Plugin Request Smuggling( CVE-2024-32638 )"
+title: "HTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638)"
 keywords: 
 - Vulnerability
 - forward-auth
 - Smuggling
-description: Inconsistent Interpretation of HTTP Requests ('HTTP Request 
Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.
-tags: [Security]
+description: Enabling the `forward-auth` plugin allows Apache APISIX to 
trigger illegal requests (HTTP Request Smuggling), resulting in a security 
vulnerability.
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
 ---
 
-> In APISIX 3.8.0, 3.9.0, there is a problem of HTTP Request Smuggling caused 
by the `forward-auth` plugin.
+> For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows 
APISIX to trigger illegal requests (HTTP Request Smuggling).
 <!--truncate-->
 
 ## Problem Description
 
-Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 
vulnerability in Apache APISIX when using `forward-auth` plugin.
+Enabling the `forward-auth` plugin allows Apache APISIX to trigger illegal 
requests (HTTP Request Smuggling), resulting in a security vulnerability.
 
 ## Affected Versions
 
-This issue affects Apache APISIX: from 3.8.0, 3.9.0 .
+This risk affects Apache APISIX versions: 3.8.0 and 3.9.0.
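
Review bot: In the new `description` and the Problem Description paragraph, "allows Apache APISIX to trigger illegal requests" is vaguer than the removed "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" wording. It no longer says the flaw is an inconsistency in how requests are interpreted, and "illegal requests" is left undefined. Consider keeping the standard weakness name next to the plainer sentence, for example "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) in Apache APISIX when the `forward-auth` plugin is enabled". The reworded blockquote also drops the backticks around forward-auth that the description and Problem Description lines keep. Under Affected Versions, "vulnerability" would match the title's CVE identifier better than "risk".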

Review Comment:
   I think `issue` or `vulnerability` is acceptable here


