daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-45232.yaml

patch-1
Jongwon Baek 2022-11-29 14:50:30 +09:00 committed by GitHub
parent 076151eeef
commit 1cbc6de150
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2021/CVE-2021-45232.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2021-45232
info:
name: Apache APISIX Dashboard <2.10.1 API Unauthorized Access
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
author: Mr-xn
severity: critical
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.