Published: 22/11/2021 Updated: 26/11/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The uri-block plugin in Apache APISIX prior to 2.10.2 uses `$request_uri` without verification. `$request_uri` is the full original request URI without normalization, so a client can construct a URI that bypasses the block list on some occasions. For instance, when the block list contains `^/internal/`, a URI like `//internal/` can be used to bypass it. Some other plugins have the same issue, and it may also affect developers' custom plugins.
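The mechanism described above is a mismatch between what the block rule is anchored against (a normalized path such as `/internal/`) and what the plugin actually matched (the raw `$request_uri`). The following Python example is added here for illustration; it is not code from Apache APISIX or from the advisory. It models a block list with the page's `^/internal/` rule, shows the raw-URI check missing `//internal/`, and shows the same rule applied after normalizing the path. The normalization also resolves `.` and `..` segments, which goes beyond the single duplicate-slash instance on the page but is the same class of defect (matching before normalization); the block list and sample requests are constructed for the example.

```python
import re

# Assumed block list, mirroring the advisory's example rule.
BLOCK_RULES = [re.compile(r"^/internal/")]


def normalize_path(raw_uri: str) -> str:
    """Normalize the path portion of a raw request URI (like $request_uri):
    strip the query string, collapse repeated slashes, and resolve '.' and
    '..' segments. The result always starts with a single '/'."""
    path = raw_uri.split("?", 1)[0]  # drop the query string
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):        # empty segment = duplicate slash; '.' = no-op
            continue
        if seg == "..":             # climb one level, never above the root
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    normalized = "/" + "/".join(segments)
    # Preserve a trailing slash so prefix rules like ^/internal/ still apply.
    if path.endswith("/") and normalized != "/":
        normalized += "/"
    return normalized


def is_blocked_raw(raw_uri: str) -> bool:
    """Vulnerable behaviour: match block rules against the raw request URI."""
    return any(rule.search(raw_uri) for rule in BLOCK_RULES)


def is_blocked_normalized(raw_uri: str) -> bool:
    """Fixed behaviour: normalize the path first, then match the block rules."""
    return any(rule.search(normalize_path(raw_uri)) for rule in BLOCK_RULES)


if __name__ == "__main__":
    # Constructed sample request URIs for demonstration.
    samples = [
        "/internal/",
        "//internal/",
        "/foo/../internal/config",
        "/internal/?x=1",
        "/public/index.html",
    ]
    print(f"{'request_uri':28} {'normalized':22} raw_block  normalized_block")
    for uri in samples:
        print(f"{uri:28} {normalize_path(uri):22} "
              f"{str(is_blocked_raw(uri)):10} {is_blocked_normalized(uri)}")
```

The defensive point is that any allow/deny decision keyed on a path must be evaluated on the same canonical form the rule author had in mind; in NGINX terms that is the normalized `$uri`, not `$request_uri`.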


Vulnerable Product

apache apisix

Mailing Lists

Hi,

Thanks to Marcin, and Apache APISIX's website just published his blog post about this CVE [1]. Welcome to read this post :)

[1] apisix.apache.org/blog/2021/11/23/cve-2021-43557-research-report

Best Regards!
@ Zhiyuan Ju <github.com/juzhiyuan>

Zexuan Luo <spacewander () apache org> wrote on Monday, 22 November 2021 at 2: ...