Lucene search

[email protected]NVD:CVE-2024-32638

HistoryMay 02, 2024 - 10:15 a.m.

CVE-2024-32638

2024-05-0210:15:08

CWE-444

[email protected]

web.nvd.nist.gov

http request smuggling

apache apisix

forward-auth plugin

cve-2024-32638

upgrade

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0.

Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

References

www.openwall.com/lists/oss-security/2024/05/02/2

lists.apache.org/thread/ngvgxllw4zn4hgngkqw2o225kf9wotov