CVE-2024-32638

2024-05-0210:15:08

CWE-444

[email protected]

web.nvd.nist.gov

cve-2024-32638

http request smuggling

apache apisix

forward-auth plugin

upgrade

security vulnerability

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’) vulnerability in Apache APISIX when using forward-auth plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0.

Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

References

www.openwall.com/lists/oss-security/2024/05/02/2

lists.apache.org/thread/ngvgxllw4zn4hgngkqw2o225kf9wotov