CVE-2021-32779

🗓️ 24 Aug 2021 20:45:09Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 122 Views

Envoy mishandles URI fragment in versions prior to 1.18.0 or with path_normalization=false, leading to privilege escalation

Reporter	Title	Published	Views	Family All 28
Circl	CVE-2021-32779	25 Aug 202100:23	–	circl
CNNVD	Envoy 安全漏洞	24 Aug 202100:00	–	cnnvd
Cvelist	CVE-2021-32779 Incorrectly handling of URI '#fragment' element as part of the path element	24 Aug 202120:45	–	cvelist
Oracle linux	olcne security update	10 Nov 202100:00	–	oraclelinux
Oracle linux	olcne security update	9 Nov 202100:00	–	oraclelinux
Oracle linux	olcne istio istio kubernetes security update	9 Nov 202100:00	–	oraclelinux
EUVD	EUVD-2021-19543	7 Oct 202500:30	–	euvd
Github Security Blog	Incorrect Authorization with specially crafted requests	10 Sep 202117:54	–	github
NVD	CVE-2021-32779	24 Aug 202121:15	–	nvd
Tenable Nessus	Oracle Linux 7 / 8 : olcne (ELSA-2021-9525)	9 Nov 202100:00	–	nessus

NVD

Vulners

Node

envoyproxy envoyRange1.16.0–1.16.5

envoyproxy envoyRange1.17.0–1.17.4

envoyproxy envoyRange1.18.0–1.18.4

envoyproxy envoyMatch1.19.0

[
  {
    "product": "envoy",
    "vendor": "envoyproxy",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.19.0, < 1.19.1"
      },
      {
        "status": "affected",
        "version": ">= 1.18.0, < 1.18.4"
      },
      {
        "status": "affected",
        "version": ">= 1.17.0, < 1.17.4"
      },
      {
        "status": "affected",
        "version": ">= 1.16.0, < 1.16.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/envoyproxy/envoy/security/advisories/GHSA-r222-74fw-jqr9
envoyproxy	www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history

21 Nov 2024 06:07Current

8.5High risk

Vulners AI Score8.5

CVSS 27.5

CVSS 3.18.3 - 8.6

EPSS0.00035

envoy cve-2021-32779 uri fragment path normalization privilege escalation security vulnerability