Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/18 3:2 p.m.10 views

CVE-2026-34356

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users. Mitigation To...

7.5CVSS5.5AI score0.00682EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/24 3:19 p.m.14 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References11Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/24 1:15 p.m.9 views

CVE-2026-41246

A flaw was found in Contour, a Kubernetes ingress controller. An attacker with Role-Based Access Control RBAC permissions to manage HTTPProxy resources can exploit a Lua code injection vulnerability within Contour's Cookie Rewriting feature. By crafting a malicious value in specific configuration...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

Contour 代码注入漏洞

Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to v1.33.4, v1.32.5 before v1.32.5, and v1.31.6 before v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie rewriting feature, which was vulnerable t...

8.1CVSS6AI score0.00481EPSS
Exploits0References1
Rows per page
Query Builder