(apisix-website) branch master updated: docs: fix tag of cve-2024-32638.md (#1796)

bzp2010 Sun, 05 May 2024 19:26:03 -0700

This is an automated email from the ASF dual-hosted git repository.

bzp2010 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git



The following commit(s) were added to refs/heads/master by this push:
     new 26173097885 docs: fix tag of cve-2024-32638.md (#1796)
26173097885 is described below

commit 261730978851752dccdea86c9636924067a7e0a0
Author: Yilia Lin <114121331+yilial...@users.noreply.github.com>
AuthorDate: Mon May 6 10:25:50 2024 +0800

    docs: fix tag of cve-2024-32638.md (#1796)
---
 blog/en/blog/2024/05/02/cve-2024-32638.md | 19 ++++++++++---------
 blog/zh/blog/2024/05/02/cve-2024-32638.md | 15 ++++++++-------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/blog/en/blog/2024/05/02/cve-2024-32638.md 
b/blog/en/blog/2024/05/02/cve-2024-32638.md
index 116afd76b72..6eca3c0c72f 100644
--- a/blog/en/blog/2024/05/02/cve-2024-32638.md
+++ b/blog/en/blog/2024/05/02/cve-2024-32638.md
@@ -1,31 +1,32 @@
 ---
-title: "Forward-Auth Plugin Request Smuggling( CVE-2024-32638 )"
+title: "HTTP Request Smuggling in forward-auth Plugin (CVE-2024-32638)"
 keywords: 
 - Vulnerability
 - forward-auth
 - Smuggling
-description: Inconsistent Interpretation of HTTP Requests ('HTTP Request 
Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin.
-tags: [Security]
+description: Enabling the `forward-auth` plugin allows Apache APISIX to 
trigger illegal requests (HTTP Request Smuggling), resulting in a security 
vulnerability.
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
 ---
 
-> In APISIX 3.8.0, 3.9.0, there is a problem of HTTP Request Smuggling caused 
by the `forward-auth` plugin.
+> For APISIX versions 3.8.0 and 3.9.0, enabling the forward-auth plugin allows 
APISIX to trigger illegal requests (HTTP Request Smuggling).
 <!--truncate-->
 
 ## Problem Description
 
-Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') 
vulnerability in Apache APISIX when using `forward-auth` plugin.
+Enabling the `forward-auth` plugin allows Apache APISIX to trigger illegal 
requests (HTTP Request Smuggling), resulting in a security vulnerability.
 
 ## Affected Versions
 
-This issue affects Apache APISIX: from 3.8.0, 3.9.0 .
+This issue affects Apache APISIX versions: 3.8.0 and 3.9.0.
 
 ## Solution
 
-If you are using version 3.8.0, 3.9.0, highly recommended to upgrade to 
version 3.8.1, 3.9.1 or higher, which fixes the issue.
+For Apache APISIX users using versions 3.8.0 and 3.9.0, it is recommended to 
upgrade to versions 3.8.1, 3.9.1, or higher, in which the issue is fixed.
 
 ## Vulnerability details
 
-Severity：low
+Severity: Low
 
 Vulnerability public date: May 2, 2024
 
@@ -33,4 +34,4 @@ CVE details: https://nvd.nist.gov/vuln/detail/CVE-2024-32638
 
 ## Contributor Profile
 
-Discovered and reported by Brandon Arp and Bruno Green of Topsort. Thank you 
for your contribution to the Apache APISIX community.
+This vulnerability was discovered and reported by Brandon Arp and Bruno Green 
from Topsort. Thank you for your contribution to the Apache APISIX community.
diff --git a/blog/zh/blog/2024/05/02/cve-2024-32638.md 
b/blog/zh/blog/2024/05/02/cve-2024-32638.md
index f9c746832d5..66bfe5becbd 100644
--- a/blog/zh/blog/2024/05/02/cve-2024-32638.md
+++ b/blog/zh/blog/2024/05/02/cve-2024-32638.md
@@ -1,23 +1,24 @@
 ---
-title: "Forward-Auth 插件能够发出非法 Smuggling 请求 ( CVE-2024-32638 )"
+title: "Forward-Auth 插件能够发出非法 Smuggling 请求 (CVE-2024-32638)"
 keywords: 
 - 安全漏洞
 - forward-auth
 - Smuggling
-description: 使用 “forward-auth” 插件时，Apache APISIX 能够发出 HTTP 非法请求（“HTTP Request 
Smuggling”）导致安全漏洞
-tags: [Security]
+description: 使用 `forward-auth` 插件时，Apache APISIX 能够发出 HTTP 非法请求（HTTP Request 
Smuggling）导致安全漏洞
+tags: [Vulnerabilities]
+image: 
https://static.apiseven.com/uploads/2024/05/06/Wq940JRt_CVE-2024-32638.png
 ---
 
-> 对于 APISIX 3.8.0, 3.9.0 版本，启用 “forward-auth” 插件时，APISIX 能够发出非法请求（HTTP Request 
Smuggling）。
+> 对于 APISIX 3.8.0, 3.9.0 版本，启用 `forward-auth` 插件时，APISIX 能够发出非法请求（HTTP Request 
Smuggling）。
 <!--truncate-->
 
 ## 问题描述
 
-启用 “forward-auth” 插件时，APISIX 能够发出非法请求（HTTP Request Smuggling）导致安全漏洞。
+启用 `forward-auth` 插件时，APISIX 能够发出非法请求（HTTP Request Smuggling）导致安全漏洞。
 
 ## 影响版本
 
-该风险会影响 Apache APISIX `3.8.0` 和 `3.9.0` 两版本。
+该风险会影响 Apache APISIX `3.8.0` 和 `3.9.0` 两个版本。
 
 ## 解决方案
 
@@ -33,4 +34,4 @@ CVE 详细信息：https://nvd.nist.gov/vuln/detail/CVE-2024-32638
 
 ## 贡献者简介
 
-该漏洞有来自 Topsort 公司的 Brandon Arp 和 Bruno Green 发现并报告。感谢各位对 Apache APISIX 社区的贡献。
+该漏洞由来自 Topsort 公司的 Brandon Arp 和 Bruno Green 发现并报告。感谢各位对 Apache APISIX 社区的贡献。

(apisix-website) branch master updated: docs: fix tag of cve-2024-32638.md (#1796)

Reply via email to