Apache · Apache Apisix · CVE-2024-32638
**Name of the Vulnerable Software and Affected Versions**
Apache APISIX versions 3.8.0 through 3.9.0
**Description**
The issue is related to an Inconsistent Interpretation of HTTP Requests, also known as 'HTTP Request Smuggling', in Apache APISIX when using the `forward-auth` plugin.
**Recommendations**
For Apache APISIX versions 3.8.0, upgrade to version 3.8.1 or higher.
For Apache APISIX version 3.9.0, upgrade to version 3.9.1 or higher.