CVE-2021-45232 – Apache / APISIX – Missing authentication for critical function

Summary:

CVE-2021-45232 is a missing authentication for critical function vulnerability impacting Apache APISIX versions 2.10.0 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links (if available):

GitHub commit exploit –
https://github.com/wuppp/cve-2021-45232-exp

Known Counter Measures:

Apache addressed the vulnerability in APISIX version 2.10.1.

Links to patches (if available):

https://apisix.apache.org/downloads/