A Trailing Slash Bypassed AWS API Gateway Authorization
InfoQ2990 字 (约 12 分钟)
35
AWS API Gateway’s authorization mechanism was bypassed due to automatic trailing-slash normalization, allowing unauthorized access to protected endpoints; recommended fixes include strict path matching and custom authorizers.
入选理由:尾部斜杠(/)在AWS API Gateway中被自动规范化,导致 /endpoint 和 /endpoint/ 被视为相同路径,绕过授权检查。
FeaturedArticle#AWS#API Gateway#Security Vulnerability#Authorization Bypass#Cloud Security英文