Inconsistent Interpretation of HTTP Requests Vulnerability in Apache APISIX

CVE-2024-32638

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Apisix
Vendor: CVE Published:; 2 May 2024

Badges

📰 News Worthy

Summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

Affected Version(s)

Apache APISIX <= 3.9.0

News Articles

prophaze.com

CVE-2024-32638

CVE-2024-32638 : APACHE APISIX 3.8.0/3.9.0 FORWARD-AUTH PLUGIN REQUEST SMUGGLING - Cloud WAF

CVE-2024-32638 : Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.

5 months ago

Timeline

First article discovered by prophaze.com
May 3, 2024
Vulnerability published.
May 2, 2024
Vulnerability Reserved.
Apr 16, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Discovered and reported by Brandon Arp and Bruno Green of Topsort.