F5 fixes high-risk NGINX Controller vulnerability in January patch rollout


A code injection vulnerability involving F5’s NGINX Controller API Management technology, which allows DevOps teams to “create, publish, protect, monitor, and analyse APIs,” was the first item on the triage list.

An authenticated attacker with the ‘user’ or ‘admin’ role can use undisclosed API endpoints in NGINX Controller API Management to inject JavaScript code into managed NGINX data plane instances.
