Apache APISIX 2.13.0 and earlier versions have an information-leakage issue in the jwt-auth plugin.
6 posts tagged with "Security"
Apache APISIX Vulnerability for Rewriting X-REAL-IP Header (CVE-2022-24112)
In versions prior to Apache APISIX 2.12.1, enabling the batch-requests plugin made it possible to rewrite the X-REAL-IP header. This post announces how the issue was handled.
Apache APISIX Dashboard Unauthorized Access Vulnerability Announcement (CVE-2021-45232)
Apache APISIX Dashboard versions 2.7 through 2.10 contain an unauthorized-access vulnerability. This post announces how the issue was handled.
Apache APISIX Path Traversal in request_uri Variable (CVE-2021-43557)
In versions prior to Apache APISIX 2.10.2, the $request_uri variable could be used to partially bypass path restrictions in the Apache APISIX Ingress Controller, creating a path-traversal risk.
APISIX Dashboard Access Control Bypass Vulnerability Advisory (CVE-2021-33190)
Because the application makes access control decisions from the value of the X-Forwarded-For request header, an attacker can bypass the access control simply by tampering with that header when calling the API.
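The pattern described above, as an added example in Go that is not code from the Apache APISIX project or the Dashboard: a naive client-IP lookup that trusts the leftmost X-Forwarded-For value next to a hardened lookup that starts from the TCP peer and only walks the header through hops it can attribute to a trusted reverse proxy. The allowlist (127.0.0.1/32, 10.0.0.0/8), the trusted proxy address (10.0.0.5) and the request lines are constructed assumptions for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// parseCIDRs turns CIDR strings into networks; invalid entries are skipped.
func parseCIDRs(cidrs ...string) []*net.IPNet {
	var out []*net.IPNet
	for _, c := range cidrs {
		if _, n, err := net.ParseCIDR(c); err == nil {
			out = append(out, n)
		}
	}
	return out
}

func ipInAny(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// ipAllowed is the allowlist decision itself; the bug is in which IP it is fed.
func ipAllowed(ip string, allow []*net.IPNet) bool {
	parsed := net.ParseIP(ip)
	return parsed != nil && ipInAny(parsed, allow)
}

// peerIP is the address of the TCP peer, which the client cannot forge.
func peerIP(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// clientIPNaive reproduces the vulnerable pattern: the leftmost value of
// X-Forwarded-For is taken as the client address, although any client can
// put whatever it likes there.
func clientIPNaive(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	return peerIP(r)
}

// clientIPHardened starts from the TCP peer and walks X-Forwarded-For right
// to left only while the address reached so far is a trusted proxy. The first
// address that is not a trusted proxy is the client; a value injected by the
// client sits further left and is never reached. A malformed hop fails closed.
func clientIPHardened(r *http.Request, trusted []*net.IPNet) string {
	ip := peerIP(r)
	parts := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	for i := len(parts) - 1; i >= 0; i-- {
		parsed := net.ParseIP(ip)
		if parsed == nil || !ipInAny(parsed, trusted) {
			break // reached an untrusted hop: that is the client
		}
		hop := strings.TrimSpace(parts[i])
		if net.ParseIP(hop) == nil {
			return "" // trusted proxy forwarded garbage: deny rather than guess
		}
		ip = hop
	}
	return ip
}

// newRequest builds a constructed request (sample input, not captured traffic).
func newRequest(remoteAddr, xff string) *http.Request {
	r := &http.Request{RemoteAddr: remoteAddr, Header: http.Header{}}
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return r
}

func main() {
	allow := parseCIDRs("127.0.0.1/32", "10.0.0.0/8") // hypothetical admin allowlist
	trusted := parseCIDRs("10.0.0.5/32")              // hypothetical reverse proxy
	for _, tc := range []struct{ name, peer, xff string }{
		{"attacker direct, spoofed XFF", "203.0.113.7:51234", "127.0.0.1"},
		{"legit user via proxy", "10.0.0.5:4321", "10.1.2.3"},
		{"attacker via proxy, spoofed XFF", "10.0.0.5:4321", "127.0.0.1, 203.0.113.7"},
	} {
		r := newRequest(tc.peer, tc.xff)
		naive, hard := clientIPNaive(r), clientIPHardened(r, trusted)
		fmt.Printf("%-32s naive=%-12s allowed=%-5v hardened=%-12s allowed=%v\n",
			tc.name, naive, ipAllowed(naive, allow), hard, ipAllowed(hard, allow))
	}
}
```

The naive lookup lets a direct attacker become 127.0.0.1 with one header, and still does so behind a real proxy because the proxy appends to the right of whatever the client sent. The hardened lookup never consults the header unless the peer is a proxy you operate, so only addresses those proxies appended are believed.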
Apache APISIX not affected by NGINX CVE-2021-23017
On May 26, NGINX issued a security announcement fixing a vulnerability in its DNS resolver (CVE-2021-23017).