March 30, 2022
Severity
High
Analysis Summary
CVE-2022-25757
Apache APISIX could allow a remote attacker to bypass security restrictions because of improper input validation. By sending specially crafted JSON that contains a duplicate key, an attacker could bypass the body_schema validation in the request-validation plugin.
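The following is an added example, not code from Apache APISIX or from this advisory: a Python sketch of why a duplicate key makes a body ambiguous and how a service behind the gateway can refuse such bodies outright. The first-wins parser, the field names and the sample bodies are assumptions made for illustration, and the advisory does not state which occurrence APISIX itself used.

```python
import json

class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a key at any nesting level."""

def _reject_duplicates(pairs):
    # json calls this hook once per object with every (key, value) pair
    # in document order, before duplicates are collapsed.
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise DuplicateKeyError(f"duplicate JSON key: {key!r}")
        seen[key] = value
    return seen

def strict_loads(body):
    """Parse a request body, refusing objects with repeated keys."""
    return json.loads(body, object_pairs_hook=_reject_duplicates)

def first_wins(pairs):
    # Hypothetical parser behaviour: keep the first occurrence of a key.
    out = {}
    for key, value in pairs:
        out.setdefault(key, value)
    return out

def parser_views(body):
    """Return (first-wins view, last-wins view) of the same body."""
    first = json.loads(body, object_pairs_hook=first_wins)
    last = json.loads(body)  # Python's json keeps the last occurrence
    return first, last

# Constructed sample bodies; the field names and values are illustrative.
AMBIGUOUS = '{"quantity": 1, "quantity": "not-a-number"}'
NESTED = '{"order": {"id": 7, "id": 8}}'
CLEAN = '{"quantity": 1, "note": "ok"}'

if __name__ == "__main__":
    print(parser_views(AMBIGUOUS))
    for body in (AMBIGUOUS, NESTED, CLEAN):
        try:
            print("accepted:", strict_loads(body))
        except DuplicateKeyError as exc:
            print("rejected:", exc)
```

When the component that validates and the component that consumes the body resolve the duplicate differently, a schema check on one view says nothing about the other, so rejecting the body is the only unambiguous outcome.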
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-25757
Affected Vendors
Apache
Affected Products
- Apache APISIX 2.12
- Apache APISIX 2.12.1
Remediation
Upgrade to the latest version of Apache APISIX, available from the Apache Web site.