Page 3 of 20 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. A flaw was found in Envoy. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-mc6h-6j9x-v3gq https://access.redhat.com/security/cve/CVE-2023-35943 https://bugzilla.redhat.com/show_bug.cgi?id=2217987 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. A flaw was found in Envoy, where gRPC access loggers using the listener's global scope can cause a use-after-free crash when the listener is drained. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-69vr-g55c-v2v4 https://access.redhat.com/security/cve/CVE-2023-35942 https://bugzilla.redhat.com/show_bug.cgi?id=2217978 • CWE-416: Use After Free •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-7mhv-gr67-hq55 https://access.redhat.com/security/cve/CVE-2023-35941 https://bugzilla.redhat.com/show_bug.cgi?id=2217977 • CWE-116: Improper Encoding or Escaping of Output CWE-303: Incorrect Implementation of Authentication Algorithm •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. • https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346 https://access.redhat.com/security/cve/CVE-2023-35945 https://bugzilla.redhat.com/show_bug.cgi?id=2217983 • CWE-400: Uncontrolled Resource Consumption CWE-459: Incomplete Cleanup •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). • https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5 https://access.redhat.com/security/cve/CVE-2023-27496 https://bugzilla.redhat.com/show_bug.cgi?id=2182155 • CWE-20: Improper Input Validation •