Apache · Apache Apisix · CVE-2022-25757
**Name of the Vulnerable Software and Affected Versions**
Apache APISIX versions prior to 2.13.0
**Description**
The issue allows an attacker to bypass body schema validation in the request-validation plugin by sending JSON with a duplicate key. For example, a payload such as `{"string payload":"bad","string payload":"good"}` hides the "bad" input from validation. The attack succeeds only if three conditions are met: the system uses body schema validation in the request-validation plugin, the upstream application uses a JSON library that keeps the first occurrence of a duplicate key (such as jsoniter or gojay), and the upstream application does not validate the input again.
**Recommendations**
For Apache APISIX versions prior to 2.13.0, update to version 2.13.0 or later to resolve the issue. As a temporary workaround, consider re-encoding the validated JSON input back into the request body on the Apache APISIX side, so that the body schema validation cannot be bypassed.
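The parser disagreement behind the description and the re-encoding workaround can be reproduced offline. The following Python sketch is an added example, not APISIX or upstream code: it assumes the validating side keeps the last duplicate value (as Python's `json` module does), emulates a first-occurrence parser with a hook, and uses a constructed one-field allow-list in place of a real schema; all function names are hypothetical.

```python
import json

# Constructed sample body, using the payload shape from the description.
RAW_BODY = '{"string payload":"bad","string payload":"good"}'

# Constructed stand-in for a body schema: only the value "good" is accepted.
ALLOWED = {"good"}


def last_wins(raw):
    """Parse like a validator that keeps the last duplicate (json's default)."""
    return json.loads(raw)


def first_wins(raw):
    """Emulate an upstream parser that keeps the first occurrence of a key."""
    def hook(pairs):
        obj = {}
        for key, value in pairs:
            obj.setdefault(key, value)  # ignore later duplicates
        return obj
    return json.loads(raw, object_pairs_hook=hook)


def duplicate_keys(raw):
    """Return the sorted keys that repeat within any single JSON object."""
    dupes = set()

    def hook(pairs):
        seen = set()
        for key, _ in pairs:
            if key in seen:
                dupes.add(key)
            seen.add(key)
        return dict(pairs)
    json.loads(raw, object_pairs_hook=hook)
    return sorted(dupes)


def gateway_validate(raw):
    """Validate the body, then return the re-encoded form to forward upstream."""
    doc = last_wins(raw)
    if doc.get("string payload") not in ALLOWED:
        raise ValueError("body failed schema validation")
    return json.dumps(doc)  # re-encoding drops the hidden duplicate


if __name__ == "__main__":
    print("validator sees:            ", last_wins(RAW_BODY))
    print("upstream sees (raw body):  ", first_wins(RAW_BODY))
    print("duplicate keys:            ", duplicate_keys(RAW_BODY))
    print("upstream sees (re-encoded):", first_wins(gateway_validate(RAW_BODY)))
```

Forwarding the raw body lets the two parsers disagree; forwarding the re-encoded body, or rejecting any request for which `duplicate_keys` is non-empty, removes the disagreement.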