2 matches found
GHSA-8FV2-88GG-HM7Q Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock
Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Pod-network reachability to :18002 no auth - Tenant can create EnvoyExtensionPolicy baseline - Attacker pod floods GET while churning EnvoyExtensionPolicy with distinct Wasm URLs -...
MiracleLinux 7 : firefox-102.3.0-6.0.1.el7.AXS7 (AXSA:2022-3888:23)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3888:23 advisory. Mozilla: Bypassing FeaturePolicy restrictions on transient pages CVE-2022-40959 Mozilla: Data-race when parsing non-UTF-8 URLs in threads...