Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NApache Apisix
APPApache2.12.0 – 3.16.0 (bez)
Related vulnerabilities
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A ...
In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurre...
Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authenti...
Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_ve...
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error ...