cvelistv5 - cve-2021-43557

CVE-2021-43557 (GCVE-0-2021-43557)

Vulnerability from cvelistv5 – Published: 2021-11-22 08:25 – Updated: 2024-08-04 04:03

Summary

Severity ?

No CVSS data available.

CWE

Use Nginx's $request_uri variable without verification

Assigner

apache

References

URL

Tags

	https://lists.apache.org/thread/18jyd458ptocr31rn…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2021/11/22/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/11/22/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/11/23/1	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache APISIX	Affected: 1.5 , < Apache APISIX 1.5* (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:03:07.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
          },
          {
            "name": "[oss-security] 20211122 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
          },
          {
            "name": "[oss-security] 20211122 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
          },
          {
            "name": "[oss-security] 20211123 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache APISIX",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "Apache APISIX 1.5*",
              "status": "affected",
              "version": "1.5",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use Nginx\u0027s $request_uri variable without verification",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-23T12:06:15",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
        },
        {
          "name": "[oss-security] 20211122 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
        },
        {
          "name": "[oss-security] 20211122 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
        },
        {
          "name": "[oss-security] 20211123 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal in request_uri variable",
      "workarounds": [
        {
          "lang": "en",
          "value": "1. Upgrade to APISIX 2.10.2, or apply this commit which provides a normalized $request_uri: https://github.com/apache/apisix/commit/9fc38330e82ce46e2aaabceef7d61708c91782db\n2. Carefully review custom code, find \u0026 fix the usage of $request_uri without verification."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-43557",
          "STATE": "PUBLIC",
          "TITLE": "Path traversal in request_uri variable"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache APISIX",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "Apache APISIX 1.5",
                            "version_value": "1.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use Nginx\u0027s $request_uri variable without verification"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
            },
            {
              "name": "[oss-security] 20211122 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
            },
            {
              "name": "[oss-security] 20211122 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
            },
            {
              "name": "[oss-security] 20211123 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "1. Upgrade to APISIX 2.10.2, or apply this commit which provides a normalized $request_uri: https://github.com/apache/apisix/commit/9fc38330e82ce46e2aaabceef7d61708c91782db\n2. Carefully review custom code, find \u0026 fix the usage of $request_uri without verification."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-43557",
    "datePublished": "2021-11-22T08:25:09",
    "dateReserved": "2021-11-09T00:00:00",
    "dateUpdated": "2024-08-04T04:03:07.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.10.2\", \"matchCriteriaId\": \"E6E300E2-7036-4813-B7A7-48F922753C76\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \\\"^/internal/\\\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin.\"}, {\"lang\": \"es\", \"value\": \"El plugin uri-block en Apache APISIX versiones anteriores a 2.10.2, usa $request_uri sin verificaci\\u00f3n. La $request_uri es la URI original completa de la petici\\u00f3n sin normalizar. Esto hace posible construir un URI para evitar la lista de bloqueo en algunas ocasiones. Por ejemplo, cuando la lista de bloqueo contiene \\\"^/internal/\\\", puede usarse una URI como \\\"//internal/\\\" para omitirla. Algunos otros plugins tambi\\u00e9n presentan el mismo problema. Y puede afectar al plugin personalizado del desarrollador\"}]",
      "id": "CVE-2021-43557",
      "lastModified": "2024-11-21T06:29:25.887",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-11-22T09:15:07.627",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/22/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/22/2\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/23/1\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h\", \"source\": \"security@apache.org\", \"tags\": [\"Exploit\", \"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/22/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/22/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2021/11/23/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-43557\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2021-11-22T09:15:07.627\",\"lastModified\":\"2024-11-21T06:29:25.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \\\"^/internal/\\\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin.\"},{\"lang\":\"es\",\"value\":\"El plugin uri-block en Apache APISIX versiones anteriores a 2.10.2, usa $request_uri sin verificaci\u00f3n. La $request_uri es la URI original completa de la petici\u00f3n sin normalizar. Esto hace posible construir un URI para evitar la lista de bloqueo en algunas ocasiones. Por ejemplo, cuando la lista de bloqueo contiene \\\"^/internal/\\\", puede usarse una URI como \\\"//internal/\\\" para omitirla. Algunos otros plugins tambi\u00e9n presentan el mismo problema. Y puede afectar al plugin personalizado del desarrollador\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.10.2\",\"matchCriteriaId\":\"E6E300E2-7036-4813-B7A7-48F922753C76\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/22/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/22/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/23/1\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/22/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/22/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/11/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Vendor Advisory\"]}]}}"
  }
}

GSD-2021-43557

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-43557

Aliases

CVE-2021-43557

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-43557",
    "description": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin.",
    "id": "GSD-2021-43557"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-43557"
      ],
      "details": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin.",
      "id": "GSD-2021-43557",
      "modified": "2023-12-13T01:23:26.641100Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2021-43557",
        "STATE": "PUBLIC",
        "TITLE": "Path traversal in request_uri variable"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache APISIX",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_name": "Apache APISIX 1.5",
                          "version_value": "1.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "moderate"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use Nginx\u0027s $request_uri variable without verification"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
          },
          {
            "name": "[oss-security] 20211122 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
          },
          {
            "name": "[oss-security] 20211122 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
          },
          {
            "name": "[oss-security] 20211123 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "1. Upgrade to APISIX 2.10.2, or apply this commit which provides a normalized $request_uri: https://github.com/apache/apisix/commit/9fc38330e82ce46e2aaabceef7d61708c91782db\n2. Carefully review custom code, find \u0026 fix the usage of $request_uri without verification."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-43557"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Vendor Advisory"
              ],
              "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
            },
            {
              "name": "[oss-security] 20211122 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
            },
            {
              "name": "[oss-security] 20211122 CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
            },
            {
              "name": "[oss-security] 20211123 Re: CVE-2021-43557: Apache APISIX: Path traversal in request_uri variable",
              "refsource": "MLIST",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-11-26T15:47Z",
      "publishedDate": "2021-11-22T09:15Z"
    }
  }
}

GHSA-9WXC-375C-CVQ2

Vulnerability from github – Published: 2021-11-23 00:00 – Updated: 2021-11-27 00:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-43557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-22T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin.",
  "id": "GHSA-9wxc-375c-cvq2",
  "modified": "2021-11-27T00:00:25Z",
  "published": "2021-11-23T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43557"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2021-43557

Vulnerability from fkie_nvd - Published: 2021-11-22 09:15 - Updated: 2024-11-21 06:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2021/11/22/1	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/11/22/2	Mailing List, Third Party Advisory
security@apache.org	http://www.openwall.com/lists/oss-security/2021/11/23/1	Exploit, Mailing List, Third Party Advisory
security@apache.org	https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h	Exploit, Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/11/22/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/11/22/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2021/11/23/1	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h	Exploit, Mailing List, Vendor Advisory

Impacted products

	Vendor	Product	Version
	apache	apisix	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6E300E2-7036-4813-B7A7-48F922753C76",
              "versionEndExcluding": "2.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin."
    },
    {
      "lang": "es",
      "value": "El plugin uri-block en Apache APISIX versiones anteriores a 2.10.2, usa $request_uri sin verificaci\u00f3n. La $request_uri es la URI original completa de la petici\u00f3n sin normalizar. Esto hace posible construir un URI para evitar la lista de bloqueo en algunas ocasiones. Por ejemplo, cuando la lista de bloqueo contiene \"^/internal/\", puede usarse una URI como \"//internal/\" para omitirla. Algunos otros plugins tambi\u00e9n presentan el mismo problema. Y puede afectar al plugin personalizado del desarrollador"
    }
  ],
  "id": "CVE-2021-43557",
  "lastModified": "2024-11-21T06:29:25.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-22T09:15:07.627",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202111-1282

Vulnerability from variot - Updated: 2023-12-18 13:12

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like //internal/ can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin. Apache APISIX Contains a command injection vulnerability.Information may be obtained. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation in the United States. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system.

Apache APISIX has a security vulnerability, which stems from improper design or implementation issues in the code development process of network systems or products. No detailed vulnerability details are currently provided

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-1282",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apisix",
        "scope": "lt",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.10.2"
      },
      {
        "model": "apisix",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.10.2"
      },
      {
        "model": "apisix",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.10.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      }
    ]
  },
  "cve": "CVE-2021-43557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-43557",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-92472",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-43557",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-43557",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-92472",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-1831",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-43557",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains \"^/internal/\", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\u0027s custom plugin. Apache APISIX Contains a command injection vulnerability.Information may be obtained. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation in the United States. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. \n\r\n\r\nApache APISIX has a security vulnerability, which stems from improper design or implementation issues in the code development process of network systems or products. No detailed vulnerability details are currently provided",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-43557",
        "trust": 3.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/11/22/1",
        "trust": 2.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/11/22/2",
        "trust": 2.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/11/23/1",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021112611",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "id": "VAR-202111-1282",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      }
    ],
    "trust": 1.225
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:12:17.793000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Path\u00a0traversal\u00a0in\u00a0request_uri\u00a0variable",
        "trust": 0.8,
        "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
      },
      {
        "title": "Patch for Apache APISIX command injection vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/301916"
      },
      {
        "title": "Apache Apisix Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173024"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/pen4uin/awesome-vulnerability-research "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/pen4uin/vulnerability-research-list "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.openwall.com/lists/oss-security/2021/11/22/2"
      },
      {
        "trust": 2.5,
        "url": "http://www.openwall.com/lists/oss-security/2021/11/22/1"
      },
      {
        "trust": 2.5,
        "url": "http://www.openwall.com/lists/oss-security/2021/11/23/1"
      },
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43557"
      },
      {
        "trust": 1.7,
        "url": "https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021112611"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/77.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://seclists.org/oss-sec/2021/q4/126"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "date": "2021-11-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "date": "2022-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "date": "2021-11-22T09:15:07.627000",
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "date": "2021-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "date": "2021-11-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-43557"
      },
      {
        "date": "2022-11-22T01:47:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-015473"
      },
      {
        "date": "2021-11-26T15:47:02.063000",
        "db": "NVD",
        "id": "CVE-2021-43557"
      },
      {
        "date": "2021-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache APISIX command injection vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-92472"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-1831"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2021-92472

Vulnerability from cnvd - Published: 2021-11-30

Title

Apache APISIX命令注入漏洞

Description

Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路由和插件热加载，适合微服务体系下的 API 管理。 Apache APISIX存在安全漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Apache APISIX命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-43557

Impacted products

Name
Apache Apache APISIX <2.10.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-43557"
    }
  },
  "description": "Apache Apisix\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e91\u539f\u751f\u7684\u5fae\u670d\u52a1API\u7f51\u5173\u670d\u52a1\u3002\u8be5\u8f6f\u4ef6\u57fa\u4e8e OpenResty \u548c etcd \u6765\u5b9e\u73b0\uff0c\u5177\u5907\u52a8\u6001\u8def\u7531\u548c\u63d2\u4ef6\u70ed\u52a0\u8f7d\uff0c\u9002\u5408\u5fae\u670d\u52a1\u4f53\u7cfb\u4e0b\u7684 API \u7ba1\u7406\u3002\n\nApache APISIX\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u4ee3\u7801\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e0d\u5f53\u7684\u95ee\u9898\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread/18jyd458ptocr31rnkjs71w4h366mv7h",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-92472",
  "openTime": "2021-11-30",
  "patchDescription": "Apache Apisix\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e91\u539f\u751f\u7684\u5fae\u670d\u52a1API\u7f51\u5173\u670d\u52a1\u3002\u8be5\u8f6f\u4ef6\u57fa\u4e8e OpenResty \u548c etcd \u6765\u5b9e\u73b0\uff0c\u5177\u5907\u52a8\u6001\u8def\u7531\u548c\u63d2\u4ef6\u70ed\u52a0\u8f7d\uff0c\u9002\u5408\u5fae\u670d\u52a1\u4f53\u7cfb\u4e0b\u7684 API \u7ba1\u7406\u3002\r\n\r\nApache APISIX\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u4ee3\u7801\u5f00\u53d1\u8fc7\u7a0b\u4e2d\u5b58\u5728\u8bbe\u8ba1\u6216\u5b9e\u73b0\u4e0d\u5f53\u7684\u95ee\u9898\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache APISIX\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache APISIX \u003c2.10.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-43557",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-24",
  "title": "Apache APISIX\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-43557 (GCVE-0-2021-43557)

GSD-2021-43557

GHSA-9WXC-375C-CVQ2

FKIE_CVE-2021-43557

VAR-202111-1282

CNVD-2021-92472

Tags

Sightings

Nomenclature