Skip to main content

Apisix Dashboard

2 CVEs product

Monthly

CVE-2021-45232 CRITICAL POC THREAT Act Now

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
CVSS 3.1
9.8
EPSS
85.9%
CVE-2021-33190 MEDIUM This Month

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
CVSS 3.1
5.3
EPSS
2.7%
EPSS 86% CVSS 9.8
CRITICAL POC THREAT Act Now

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
EPSS 3% CVSS 5.3
MEDIUM This Month

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy