2 matches found
CVE-2021-45232
In Apache APISIX Dashboard before version 2.10.1, the Manager API is implemented using two frameworks (gin and the droplet-based framework) with all APIs and authentication middleware built on droplet, while some APIs directly call gin interfaces, bypassing authentication. This leads to an authen...
CVE-2021-33190
CVE-2021-33190 – APISIX Dashboard 2.6: The issue arises from using a risky IP acquisition function in the IP Allowed List, enabling bypass of network access restrictions when listen_host defaults to 0.0.0.0. This is fixed in APISIX Dashboard 2.6.1. Some sources also note an authentication bypass...