CVE-2024-32638: Apache APISIX: Forward-Auth Request Smuggling

Vendor: Apache Software Foundation
Product: Apache APISIX
Weakness: CWE-444
Published: May 2, 2024
Last update: February 13, 2025

What the vulnerability does

Description

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using the `forward-auth` plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.

Key dates

Disclosure timeline

May 2, 2024: CVE published
February 13, 2025: Record updated