Extensible Service Proxy (ESP) is a proxy that enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT. The verified JWT claim is passed to the application in the HTTP header "X-Endpoint-API-UserInfo", which the application can use for authorization. However, if the client request contains two "X-Endpoint-API-UserInfo" headers, ESPv1 replaces only the first one and passes the second one to the application unchanged. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one carrying a fake JWT claim, and the application may then use the fake JWT claim for authorization. This affects the following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced Google endpoint document. 2) The user's backend application uses the information in the "X-Endpoint-API-UserInfo" header for authorization. The issue is fixed in v1.58.0. To pick up the fix: * If your Docker image uses the tag ":1", restart the container to pick up the new version; the tag ":1" automatically points to the latest version. * If your Docker image tag points to a specific minor version, e.g. ":1.57", update it to ":1.58" and restart the container. There is no workaround for this issue.
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"252299592520253607988299476302700982455",
"248610505559295528176394314957702295531",
"317227738951296697058863858163680719761",
"261829619994639712799105361394936647073"
]
},
"target": {
"file": "include/api_manager/request.h"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-03fc3b1b"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"103089253687945008137816859079091315449",
"57528866812672555845746726749972931768",
"222193775147550499088633174519636472944",
"139408884480015151975786006559049758453"
]
},
"target": {
"file": "src/api_manager/request_handler.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-0e04870b"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"40180582710644749667633173662694883634",
"129580747434126122222113247141326853489",
"79757806813320707653655341305941327183",
"113140239591170886862975830604449606186",
"179443316010782707869359302177954648216"
]
},
"target": {
"file": "src/api_manager/context/client_ip_extraction_test.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-1eb0e0fe"
},
{
"digest": {
"function_hash": "70660443424170074453660226878901939687",
"length": 1359.0
},
"target": {
"function": "CheckAuthTest::TestValidToken",
"file": "src/api_manager/check_auth_test.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-4524aa09"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"273194342846113705585364086021552446287",
"75578103592312464274331218795206130976",
"213316359649160174181370330221723769841",
"124285692801040372300669983042502547792",
"191957608709753492315192367144684585237",
"157503054261825167032896249816530441106",
"177461145267599042349083594045097357167",
"297496602830915671545076335022504587327",
"163844129952166203095878708708579506538",
"121981586546568691793722684703108695605",
"154100247305967973252642800771164203980",
"310917885622754471010294987415862439510",
"331281844039084445166642735590479862923",
"181493525565562107727016143056959279665",
"221832630133309296006978331479859080932",
"302522287934114089433665212366648391059",
"1810982064106098176294479025968343671",
"279712875281089011610534689990858916796",
"103963470071564193428273125947912129240",
"92045183861454617745757908552589344029",
"186322133010321617451158839454224479514",
"50242325865326987575206795976861350172",
"103772171830738870288327866827004724540",
"153737777796121030273712820158124369630",
"102114681163685396643097775864277838420",
"61422471775798196078807954871481993077"
]
},
"target": {
"file": "src/nginx/request.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-5da443f2"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"199661318353406484167738561063535390747",
"47478523884108383931197297436545999302",
"69465198097250853560295093351751952550",
"288797171835950172328806770888900207773",
"130981369790235362577931143511872893993",
"286964953872384455258138368751357756406"
]
},
"target": {
"file": "src/api_manager/check_service_control.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-7155199d"
},
{
"digest": {
"function_hash": "120904301598098223398345863961748157606",
"length": 260.0
},
"target": {
"function": "check_workflow_",
"file": "src/api_manager/request_handler.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-824a4de0"
},
{
"digest": {
"function_hash": "153171212618605172523470740891956953442",
"length": 487.0
},
"target": {
"function": "AuthChecker::PassUserInfoOnSuccess",
"file": "src/api_manager/check_auth.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-88d1c33d"
},
{
"digest": {
"function_hash": "200869581475123735993262261928253439004",
"length": 1004.0
},
"target": {
"function": "TEST_F",
"file": "src/api_manager/check_auth_test.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-8b11673b"
},
{
"digest": {
"function_hash": "194656220474211919318833233523308925791",
"length": 542.0
},
"target": {
"function": "RequestContext::StartBackendSpanAndSetTraceContext",
"file": "src/api_manager/context/request_context.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-8de04600"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"156763601970778594089670826451538877310",
"164569280114907739439158198890037041221",
"134495384703724863499620142923817933887",
"174266110874575389579116051652295037744"
]
},
"target": {
"file": "src/api_manager/check_auth.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-9966616b"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"124555775050186960473444525736434112541",
"87956929436607818709267142385317192772",
"235316682392370544772653880151432570847",
"318446486927011715873710970011942586419",
"301061032907837933390599384616823680997"
]
},
"target": {
"file": "src/api_manager/mock_request.h"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-9ea99476"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"268557008247647403069910143145655387670",
"123208326389277014211541663463708714016",
"70247440695724784152739511634001274559",
"305995428250267423201561448354776443700",
"133650305765493911584888931324277147000",
"236703638891815106614579422885455303579",
"197465051832478868523698529580782688281",
"242606095202304975276799361496756919418",
"220920585778604497943435673097724463160",
"264841444507472038154634199411757364443",
"225583033442034394493085448150182157424",
"123179324701565035031392537874864341740",
"150460308205968684534856279625421189756",
"236140646073989733671730159656841726850",
"302461205799753051445955230092226699193",
"57112194187637446248261498324719739119",
"58829472313193280049382598770082536130",
"68292068359203861530166342547526691991",
"134811942775173899220273855476063794859",
"219248169257693709034002634629768178721",
"237029341373741985882515097146900290602",
"263736118670371286378813463674248650501",
"96521176151311858773600721623055582987",
"132502329913308101805401509837840037810",
"28140113725366921053919008788260525061",
"241445852103753364234919194421385055538",
"226954586919203438851625700279956642990"
]
},
"target": {
"file": "src/api_manager/context/request_context.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-a1494bfb"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"300119219885327139018461051672314803009",
"337533291503229458590404377686864739512",
"139366199344688441814086521608115372964",
"85301578765280906918261503244636984123",
"246687342681984053806172157003498406689",
"134340592871228967635213229674730594500",
"56177407532921156374502173849913931461",
"160194392783416061026129546712681709080",
"10940267128672146297807645781573271175",
"160404830798029446371374970549594820475",
"49140582215005592988523955241051336470",
"109740612534665862525889148847148583257",
"270775805351086202524836436840829979913",
"300753368704880297024072667485250482931",
"47474681906262376659959024685575757389",
"173689642430977657500433355265718252255",
"308529050154063505659666420572318005720",
"291494427979477733197722163514763012739",
"63253837465277945949487250440565044829"
]
},
"target": {
"file": "src/api_manager/check_auth_test.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-a9ea2b7c"
},
{
"digest": {
"function_hash": "273504356146866837069438321135313695602",
"length": 1229.0
},
"target": {
"function": "NgxEspRequest::AddHeaderToBackend",
"file": "src/nginx/request.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-b3fc5d79"
},
{
"digest": {
"function_hash": "55000361284885886160252975262586210432",
"length": 1837.0
},
"target": {
"function": "TEST_F",
"file": "src/api_manager/check_auth_test.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-de94b3a4"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"340277736093740716423926175960361932002",
"219854530106350367519264802028751092444",
"32973727138982213779997415781439563347",
"156392869259015074243303489436519827497"
]
},
"target": {
"file": "src/nginx/request.h"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-41130-eb63060f"
},
{
"digest": {
"function_hash": "273341284600782350224804379278849970831",
"length": 834.0
},
"target": {
"function": "RequestContext::AddInstanceIdentityToken",
"file": "src/api_manager/context/request_context.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-f2d085dd"
},
{
"digest": {
"function_hash": "255050036760865819852197525538080882456",
"length": 120.0
},
"target": {
"function": "RequestContext::SetApiKeyHeader",
"file": "src/api_manager/context/request_context.cc"
},
"signature_version": "v1",
"source": "https://github.com/cloudendpoints/esp/commit/e310c4f91d229a072507f80c73811489b4cdff27",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-41130-f4988531"
}
]