今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

A Trailing Slash Bypassed AWS API Gateway Authorization

Steef-Jan Wiggers 2026年06月01日 17:55 3 次阅读 来源:InfoQ

A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186. By Steef-Jan Wiggers

本文内容来源于互联网,版权归原作者所有
查看原文