A Trailing Slash Bypassed AWS API Gateway Authorization
Source: feed.infoq.com
You are reading a summary. The full content is hosted on feed.infoq.com.
A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy route matching and its authorization layer. The same vulnerability class appeared in gRPC-Go via CVE-2026-33186.

By Steef-Jan Wiggers
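The mismatch described above, as an added example that is not code from the article or from AWS: a simplified model in which the routing step and the authorization step read the same path differently, next to a handler that makes both decisions from one canonical path. The route table, the function names and the fail-open lookup are assumptions made for illustration.

```python
import posixpath

# Constructed route table for a toy gateway: route -> authorizer required?
ROUTES = {"/transfers": True, "/health": False}

def canonical(path: str) -> str:
    """Collapse duplicate slashes, dot segments and a trailing slash."""
    return posixpath.normpath("/" + path.lstrip("/"))

def route_backend(path: str) -> str:
    # Routing layer (assumed behaviour): lenient, ignores a trailing slash.
    return path.rstrip("/") or "/"

def needs_auth_raw(path: str) -> bool:
    # Authorization layer (assumed behaviour): exact lookup on the raw path,
    # and a path it does not recognise is treated as needing no authorizer.
    return ROUTES.get(path, False)

def handle_mismatched(path: str, authenticated: bool):
    """Two layers, two interpretations of the same request path."""
    if needs_auth_raw(path) and not authenticated:
        return 401, None
    backend = route_backend(path)
    return (200, backend) if backend in ROUTES else (404, None)

def handle_hardened(path: str, authenticated: bool):
    """Canonicalise once, then route and authorize on that single value."""
    key = canonical(path)
    if key not in ROUTES:
        return 404, None              # unknown route: nothing is served
    if ROUTES[key] and not authenticated:
        return 401, None
    return 200, key

def unprotected_variants(handler):
    """Regression check: protected routes whose trailing-slash form
    is served to an unauthenticated caller."""
    return [route for route, protected in ROUTES.items()
            if protected and handler(route + "/", False)[0] == 200]

if __name__ == "__main__":
    print("mismatched:", unprotected_variants(handle_mismatched))
    print("hardened:  ", unprotected_variants(handle_hardened))
```

A check like `unprotected_variants` belongs in the integration tests of any service that sits behind a gateway authorizer, run against the deployed routes rather than a model.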