Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup
Vulnerability Description
Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Apache APISIX 输入验证错误漏洞
Vulnerability Description
Apache apisix是美国Apache基金会开源的一个动态API网关服务。 Apache APISIX 2.12.0版本至3.16.0及之前版本存在输入验证错误漏洞,该漏洞源于输入验证不当,可能导致攻击者利用forward-auth插件中的配置来伪造身份标头。
CVSS Information
N/A
Vulnerability Type
N/A