3 matches found
CVE-2021-39206
creationtimestamp| type| source ---|---|--- 2021-09-10 02:29:59+00:00| seen| https://t.me/cibsecurity/28639...
CVE-2021-39206
CVE-2021-39206 references Envoy vulnerabilities CVE-2021-32777 and CVE-2021-32779 within Pomerium. The issue can lead to incorrect authorization or routing decisions when path-prefix policy is used. Pomerium has patched Envoy in v0.14.8 and v0.15.1; mitigation also includes removing path-prefix p...
CVE-2021-39206 Incorrect Authorization with specially crafted requests
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect...