Page 3 of 61 results (0.010 seconds)

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q https://access.redhat.com/security/cve/CVE-2023-27493 https://bugzilla.redhat.com/show_bug.cgi?id=2182158 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter. A flaw was found in Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2 https://access.redhat.com/security/cve/CVE-2023-27492 https://bugzilla.redhat.com/show_bug.cgi?id=2179139 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service. • https://datatracker.ietf.org/doc/html/rfc9113#section-8.3 https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1 https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2 https://access.redhat.com/security/cve/CVE-2023-27491 https://bugzilla.redhat.com/show_bug.cgi?id=2179138 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph https://access.redhat.com/security/cve/CVE-2023-27488 https://bugzilla.redhat.com/show_bug.cgi?id=2182156 • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g https://access.redhat.com/security/cve/CVE-2023-27487 https://bugzilla.redhat.com/show_bug.cgi?id=2179135 • CWE-20: Improper Input Validation •