PT-2021-4490 · Authelia

Ricardo Pesqueira

Published 2021-05-28 · Updated 2021-12-20

CVE-2021-32637

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Authelia versions prior to 4.29.3

Description: The issue affects users who run Authelia behind nginx with the ngx_http_auth_request_module. It allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. This could theoretically affect other proxy servers, but all of the officially supported ones except nginx do not allow malformed URI paths.

Recommendations: For versions prior to 4.29.3, the most relevant workaround is upgrading to version 4.29.3 or later. Alternatively, a git patch can be applied to version 4.25.1 or to other versions upon request. As a temporary workaround, consider adding a block to the internal location that fails requests containing a malformed URI.
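A concrete form of the temporary workaround above, added here as an example and not the advisory's or the project's own patch: the internal nginx location that the auth_request module calls gets a check that rejects a malformed original URI before it is forwarded to Authelia. The location name, upstream address and header names are assumptions based on a typical Authelia behind nginx deployment, and because the page does not say which malformation triggers the bypass, the check is deliberately strict (RFC 3986 path/query characters and complete %XX escapes only).

```nginx
# Assumed layout: the internal location that nginx's auth_request module
# calls before serving a protected resource. The path /authelia, the
# upstream address and the forwarded headers are assumptions, not taken
# from this advisory.
location /authelia {
    internal;

    # Temporary workaround for versions prior to 4.29.3: fail any request
    # whose original URI is not well-formed, so it never reaches the verify
    # endpoint. Only RFC 3986 path/query characters and complete %XX
    # escapes are accepted; anything else is answered with 400.
    if ($request_uri !~ "^(?:[A-Za-z0-9._~!$&'()*+,;=:@/?-]|%[0-9A-Fa-f]{2})*$") {
        return 400;
    }

    proxy_pass http://authelia:9091/api/verify;
    proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
    proxy_set_header X-Forwarded-Method $request_method;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
}

location /protected/ {
    # Every request here is checked by the internal location first.
    auth_request /authelia;
    # ... application upstream omitted
}
```

The check applies to the full original request URI including the query string, so a request that nginx itself accepted but that contains stray characters or a truncated percent-escape is rejected at the proxy instead of being handed to Authelia.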

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2021-05124
CVE-2021-32637
GHSA-68WM-PFJF-WQP6

Affected Products

Authelia
Nginx