Severity: low
Affected versions:
- Apache APISIX 3.8.0, 3.9.0
Description:
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
vulnerability in Apache APISIX when using `forward-auth` plugin.
This issue affects Apache APISIX: from 3.8.0, 3.9.0 .
Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which
fixes the issue.
Credit:
Discovered and reported by Brandon Arp and Bruno Green of Topsort.
Regards.
--
*MembPhis*
My GitHub: https://github.com/membphis
Apache APISIX: https://github.com/apache/apisix