CVE-2021-45232 – Apache / APISIX – Missing authentication for critical function
Summary:
CVE-2021-45232 is a "missing authentication for critical function" vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source, and a link to an exploit was shared in the underground.
PoC Links (if available):
GitHub commit exploit –
https://github.com/wuppp/cve-2021-45232-exp
Known Counter Measures:
Apache addressed the vulnerability in APISIX version 2.10.1.
Links to patches (if available):
https://apisix.apache.org/downloads/