📦 APISIX
by Apache
⚠️ Known Vulnerabilities
This vulnerability allows attackers to bypass JSON validation in Apache APISIX by submitting requests with duplicate keys in JSON payloads. The validation plugin uses a JSON parser that selects the la...
CVE-2022-24112 is a critical authentication bypass vulnerability in Apache APISIX's batch-requests plugin that allows attackers to bypass IP restrictions and execute remote code. Organizations running...
This vulnerability in Apache APISIX exposes basic authentication credentials (usernames and passwords) in plaintext within error logs when log levels are set to INFO or DEBUG. Any system using APISIX ...
This vulnerability allows a local attacker to exploit incorrect file permissions in Apache APISIX's Java plugin runner to elevate privileges. It affects users running Apache APISIX with java-plugin-ru...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
CVE-2021-43557 is a URI normalization bypass vulnerability in Apache APISIX's uri-block plugin that allows attackers to bypass block lists by using specially crafted URIs with double slashes or other ...
This CVE describes an HTTP request smuggling vulnerability in Apache APISIX when using the forward-auth plugin. Attackers can exploit inconsistent HTTP request parsing to bypass security controls, poi...