CVE-2021-45232

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-45232

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45232.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-45232

Aliases

BIT-apisix_dashboard-2021-45232

Published

2021-12-27T15:15:07Z

Modified

2025-02-19T03:22:27.483001Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing the authentication.

References

Affected packages

Git / github.com/apache/apisix-dashboard

Affected ranges

Type: GIT
Repo: https://github.com/apache/apisix-dashboard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2094ced53058943ca6ce31b813129a6fefed57c0

Affected versions

0.*

0.9

1.*

1.0@vue.js

1.0_vue.js

v2.*

v2.1.1-rc1

v2.8

v2.9.0