5 posts tagged with "Security"

Apache APISIX Vulnerability for Rewriting X-REAL-IP Header (CVE-2022-24112)

February 11, 2022 · 2 min read

In versions prior to Apache APISIX 2.12.1, there is a risk of rewriting X-REAL-IP header after enabling the Apache APISIX batch-requests plug-in. Now the processing information will be announced.

Apache APISIX Dashboard Unauthorized Access Vulnerability Announcement (CVE-2021-45232)

December 28, 2021 · One min read

Yucheng Zhu

There is a security vulnerability of unauthorized access in Apache APISIX Dashboard 2.7-2.10, and the processing information will be announced.

Apache APISIX Path traversal in request_uri variable(CVE-2021-43557)

November 23, 2021 · 2 min read

Sylvia

In versions prior to Apache APISIX 2.10.2, there was a problem of "bypassing partial restrictions" that caused the risk of path penetration by using the $request_uri variable in Apache APISIX Ingress Controller.

Apache APISIX Dashboard Access Control Bypass Vulnerability Advisory (CVE-2021-33190)

June 17, 2021 · 2 min read

Zhiyuan Ju

Because the application makes access control determinations by obtaining the value of the request header X-Forwarded-For, an attacker can achieve an access control bypass attack by simply tampering with that request header when invoking the API request.

Apache APISIX not affected by NGINX CVE-2021-23017

June 7, 2021 · 2 min read

Ruofei Zhao

On May 26, NGINX issued a security announcement that fixed a DNS resolver vulnerability (CVE -2021-23017) in the NGINX resolver.