Apache · Apache APISIX · CVE-2026-31908
**Name of the Vulnerable Software and Affected Versions**
Apache APISIX versions 2.12.0 through 3.15.0
**Description**
A header injection issue exists in the forward-auth plugin due to improper neutralization of CRLF sequences (carriage return and line feed, the character pair used to mark the end of a line of text). A remote attacker can exploit this by sending specially crafted HTTP requests that inject malicious headers, potentially bypassing security mechanisms and gaining unauthorized access to protected information.
**Recommendations**
Upgrade to version 3.16.0.