CVE-2021-43557— Path traversal in request_uri variable
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-43557
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path traversal in request_uri variable
Source: NVD (National Vulnerability Database)
Vulnerability Description
The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Apisix 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Apisix是美国阿帕奇(Apache)基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现,具备动态路由和插件热加载,适合微服务体系下的 API 管理。 Apache APISIX 存在命令注入漏洞,该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache APISIX | 1.5 ~ Apache APISIX 1.5* | - |
II. Public POCs for CVE-2021-43557
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | PoC for CVE-2021-43557 | https://github.com/xvnpw/k8s-CVE-2021-43557-poc | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-43557
请登录查看更多情报信息。
- https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7hx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-43557
IV. Related Vulnerabilities
Same product: Apache APISIX
- CVE-2026-31923
Apache APISIX: Openid-connect `tls_verify` field is disabled - CVE-2026-31924
Apache APISIX: Plugin tencent-cloud-cls log export uses plai - CVE-2026-31908
Apache APISIX: forward auth plugin allows header injection - CVE-2025-62232
Apache APISIX: basic-auth logs plaintext credentials at info - CVE-2025-46647
Apache APISIX: improper validation of issuer from introspect
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
V. Comments for CVE-2021-43557
No comments yet