VDB

GCVE-110-CLOUD-2023-0020

GCVE-110-CLOUD-2023-0020
Advisory Published
Vulnetix · Advisory published September 19, 2023
Researchers at Omegapoint identified two issues in AWS API Gateway authorizers: 1) A header rewrite feature could be abused to bypass authorization by overwriting headers after the authorizer lambda processed them. 2) Caching of authorization policies could be exploited to reuse cached policies with modified identification sources, bypassing the authorizer.

Affected Products

VendorProductVersionsPlatforms
AWSCloud Services
AWSAPI Gateway
AWSLambda

References

advisory
advisory
advisory

Browse GCVE Records

72,096 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›