Re: CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling

[Ram Kumar Mahato]

ok

On Thu, 2 May 2024 at 15:00, YuanSheng Wang  wrote:

> Severity: low
>
> Affected versions:
>
> - Apache APISIX 3.8.0, 3.9.0
>
> Description:
>
> Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
> vulnerability in Apache APISIX when using `forward-auth` plugin.
>
> This issue affects Apache APISIX: from 3.8.0, 3.9.0 .
>
> Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which
> fixes the issue.
>
> Credit:
>
> Discovered and reported by Brandon Arp and Bruno Green of Topsort.
>
> Regards.
>
> --
>
> *MembPhis*
> My GitHub: https://github.com/membphis
> Apache APISIX: https://github.com/apache/apisix
>

CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling

[YuanSheng Wang]

Severity: low

Affected versions:

- Apache APISIX 3.8.0, 3.9.0

Description:

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in Apache APISIX when using `forward-auth` plugin.

This issue affects Apache APISIX: from 3.8.0, 3.9.0 .

Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which
fixes the issue.

Credit:

Discovered and reported by Brandon Arp and Bruno Green of Topsort.

Regards.

-- 

*MembPhis*
My GitHub: https://github.com/membphis
Apache APISIX: https://github.com/apache/apisix