10 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.9 security update
Red Hat OpenShift Service Mesh 2.2.9 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
CVE-2023-27491
creationtimestamp| type| source ---|---|--- 2023-04-04 22:25:46+00:00| seen| https://t.me/cibsecurity/61418...
CVE-2023-27491
A flaw was found in Envoy that may allow attackers to send specially crafted HTTP/2 or HTTP/3 requests to trigger parsing errors on the upstream HTTP/1 service...
CVE-2023-27491
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...
CVE-2023-27491 vulnerabilities
Vulnerabilities for packages: envoy...
CVE-2023-27491 vulnerabilities
Vulnerabilities for packages: envoy...
CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...
CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...
CVE-2023-27491
CVE-2023-27491 affects Envoy: a non-compliant HTTP/1 service may allow malformed requests to bypass security policies. The BIT-ENVOY-2023-27491 entry documents that this vulnerability can be triggered in pre‑fix releases and that the issue is fixed in Envoy versions 1.26.0, 1.25.3, 1.24.4, 1.23.6...
CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed request...