Unrated severityNVD Advisory· Published Dec 27, 2021· Updated Aug 4, 2024
security vulnerability on unauthorized access.
CVE-2021-45232
Description
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing the authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<2.10.1+ 1 more
- (no CPE)range: <2.10.1
- (no CPE)range: 2.7 and 2.7.1
Patches
Vulnerability mechanics
References
2- www.openwall.com/lists/oss-security/2021/12/27/1mitremailing-listx_refsource_MLIST
- lists.apache.org/thread/979qbl6vlm8269fopfyygnxofgqyn6k5mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.