CVE-2022-25757

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICAL
EPSS
0.4%
top 37.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache ApisixApache Software Foundation Apache Apisix
Timeline
PublishedMar 28
Latest updateMar 29

Description

In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstrea

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/apisix< 2.13.0
CVEListV5apache_software_foundation/apache_apisixApache APISIX2.12.1

🔴Vulnerability Details

2
GHSA
GHSA-9xhv-qfpf-p2xx: In Apache APISIX before 22022-03-29
CVEList
Apache APISIX: the body_schema check in request-validation plugin can be bypassed2022-03-28
CVE-2022-25757 (CRITICAL CVSS 9.8) | In Apache APISIX before 2.13.0 | cvebase.io