PT-2024-24735 · Apache · Apache Apisix

Brandon Arp +1 · Published 2024-05-02 · Updated 2025-07-10 · CVE-2024-32638

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.8.0 through 3.9.0

Description: The issue is an Inconsistent Interpretation of HTTP Requests, also known as 'HTTP Request Smuggling', in Apache APISIX when using the forward-auth plugin.

Recommendations: For Apache APISIX version 3.8.0, upgrade to version 3.8.1 or higher. For Apache APISIX version 3.9.0, upgrade to version 3.9.1 or higher.

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

BIT-APISIX-2024-32638
CVE-2024-32638

Affected Products

Apache Apisix