3 matches found
GHSA-G3XR-5W5J-W4Q4 Contour has Improper JWT Verification for Non-SNI Requests on Virtual Hosts with Fallback Certificate Enabled
Impact When an HTTPProxy is configured with incompatible combination of both .spec.virtualhost.tls.enableFallbackCertificate: true and .spec.virtualhost.jwtProviders, Contour does not reject the configuration. Consequently, requests from clients that do not send TLS SNI or send an unrecognized SN...
PT-2026-55460
Name of the Vulnerable Software and Affected Versions Contour versions prior to 1.33.5 Description An issue exists when an HTTPProxy is configured with both .spec.virtualhost.tls.enableFallbackCertificate: true and .spec.virtualhost.jwtProviders. In this scenario, the system fails to reject the...
EUVD-2013-4983
Malware in sbrugna...