There is a security vulnerability of unauthorized access in Apache APISIX Dashboard 2.7-2.10, and the processing information will be announced.
Apache APISIX Dashboard Unauthorized Access Vulnerability Announcement (CVE-2021-45232)
In versions prior to Apache APISIX 2.10.2, using the $request_uri variable in the Apache APISIX Ingress Controller allowed some restrictions to be bypassed, creating a risk of path traversal.
Because the application makes its access control decisions based on the value of the X-Forwarded-For request header, an attacker can bypass access control simply by tampering with that header when calling the API.
On May 26, NGINX issued a security announcement fixing a DNS resolver vulnerability (CVE-2021-23017) in the NGINX resolver.