Page 3 of 43 results (0.013 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter. A flaw was found in Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2 https://access.redhat.com/security/cve/CVE-2023-27492 https://bugzilla.redhat.com/show_bug.cgi?id=2179139 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service. • https://datatracker.ietf.org/doc/html/rfc9113#section-8.3 https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1 https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp https://www.rfc-editor.org/rfc/rfc9110#section-5.6.2 https://access.redhat.com/security/cve/CVE-2023-27491 https://bugzilla.redhat.com/show_bug.cgi?id=2179138 • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with ``failure_mode_allow: true``, the request would have been allowed in this case. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph https://access.redhat.com/security/cve/CVE-2023-27488 https://bugzilla.redhat.com/show_bug.cgi?id=2182156 • CWE-20: Improper Input Validation •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g https://access.redhat.com/security/cve/CVE-2023-27487 https://bugzilla.redhat.com/show_bug.cgi?id=2179135 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. • https://github.com/envoyproxy/envoy/commit/fe7c69c248f4fe5a9080c7ccb35275b5218bb5ab https://github.com/envoyproxy/envoy/security/advisories/GHSA-rm2p-qvf6-pvr6 • CWE-416: Use After Free •