CVE-2024-32638

{"id": "CVE-2024-32638", "metrics": {}, "published": "2024-05-02T10:15:08.443", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/05/02/2", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/ngvgxllw4zn4hgngkqw2o225kf9wotov", "source": "security@apache.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')\u00a0vulnerability in Apache APISIX when using `forward-auth` plugin.This issue affects Apache APISIX: from 3.8.0, 3.9.0.\n\nUsers are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.\n\n"}], "lastModified": "2024-05-02T14:15:09.830", "sourceIdentifier": "security@apache.org"}