[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"vulnerability-1550":17,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":48},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},{"id":18,"detectable_with":19,"vuln_details":26,"vuln_id":45,"name":46,"published":47,"updated":27},1550,{"tool":20,"engine":23},{"id":21,"name":22},1,"Network Scanner",{"id":24,"name":25},2,"Nuclei",{"id":18,"codename":27,"description":27,"severity":28,"risk_description":29,"public_description":30,"public_recommendation":31,"recommendation":27,"references":32,"cvssv3":38,"epss_score":39,"epss_percentile":40,"cve":41,"in_cisa_catalog":43,"date":44,"software_type":27,"vendor":27,"product":27,"ptt_exploit_capabilities":27},null,"critical","An attacker can gain unauthorized access to the API, potentially leading to data breaches or unauthorized actions.","In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`. While all APIs and authentication middleware are developed based on framework `droplet`, some APIs directly use the interface of framework `gin`, thus bypassing authentication.","Upgrade to release 2.10.1 or later. 
Or, if you cannot upgrade yet, change the default username and password and restrict which source IPs can access the Apache APISIX Dashboard. Note that a credential change alone does not protect the APIs that bypass authentication, so the source-IP restriction is the part that limits exposure until the upgrade is applied.",[33,34,35,36,37],"https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/","https://github.com/pingpongcult/CVE-2021-45232","https://github.com/advisories/GHSA-wcxq-f256-53xp","https://twitter.com/403Timeout/status/1475715079173976066","https://github.com/wuppp/cve-2021-45232-exp",9.8,0.93518,0.99825,[42],"CVE-2021-45232",false,"2021-12-27T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2021-45232","Apache APISIX Dashboard \u003C2.10.1 - API Unauthorized Access","2023-07-04T00:00:00Z",["Island",49],{"key":50,"params":51,"result":53},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":52},"{\"text-color\":\"gray\"}",{"head":54},{}]