Authelia · Authelia · CVE-2021-32637
**Name of the Vulnerable Software and Affected Versions**
Authelia versions prior to 4.29.3
**Description**
The issue affects users who run nginx with the ngx_http_auth_request_module in front of Authelia. It allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. This could theoretically affect other proxy servers, but of the officially supported ones, all except nginx reject malformed URI paths.
**Recommendations**
For versions prior to 4.29.3, the recommended fix is to upgrade to version 4.29.3 or later.
Alternatively, a git patch can be applied to version 4.25.1 or other versions upon request.
As a temporary workaround, consider adding, inside the internal location block, a block that fails requests containing a malformed URI.
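
A sketch of that temporary workaround as an nginx configuration fragment, added here as an illustration and not taken from the Authelia project. The location name `/authelia` is an assumption, as is the definition of "malformed" used here: any character outside the RFC 3986 set, or a `%` that is not followed by two hex digits.

```nginx
# Internal location that auth_request points at (name is an assumption;
# use whatever your existing configuration calls it).
location /authelia {
    internal;

    # Fail closed before the verification request is proxied.
    # $request_uri is the original, unnormalised request URI, so this
    # tests what the client actually sent.
    # First alternative: any character that is not an RFC 3986
    # unreserved, reserved or percent character.
    # Second alternative: a '%' that does not start a valid %XX escape.
    if ($request_uri ~ "[^A-Za-z0-9._~:/?#@!$&'()*+,;=%\[\]-]|%(?![0-9A-Fa-f]{2})") {
        # auth_request treats 401 from the subrequest as "access denied".
        return 401;
    }

    # Existing proxy_pass / proxy_set_header directives for the Authelia
    # verification endpoint stay here unchanged.
}
```

Validate the change with `nginx -t` before reloading, and remove the `if` block once Authelia has been upgraded to 4.29.3 or later.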