PT-2021-22413 · Istio · Istio

Name of the Vulnerable Software and Affected Versions: Istio versions 1.11.0, 1.10.3 and below, and 1.9.7 and below Istio versions prior to 1.11.1, 1.10.4, and 1.9.8 Description: Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across...

Envoy 安全漏洞

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that stems from incorrectly evaluating HTTP requests containing URI fragments when an authorization policy based on URI paths is specified. An attacker could use this vulnerability to bypass the...

PT-2021-19924 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.16.5 Envoy versions 1.16.5 through 1.19.0 Envoy version 1.18.0 with path normalization=false Description: The issue arises from Envoy's incorrect handling of a URI 'fragment' element as part of the path element. This...

UBUNTU-CVE-2022-24070

Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use moddavsvn are not...

DEBIAN-CVE-2011-1921

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...

Subversion: Access restriction bypass by checkout of the root of the repository

authz.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz shortcircuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...