CVE-2021-43557

Exploit

EPSS 58.26%
Published 22.11.2021 09:15:07
Last modified 21.11.2024 06:29:25
Source security@apache.org
Teams watchlist Login
Open Login

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Apisix Version < 2.10.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	58.26%	0.981

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://www.openwall.com/lists/oss-security/2021/11/22/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2021/11/22/2

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2021/11/23/1

Third Party Advisory

Exploit

Mailing List

https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h

Vendor Advisory