8 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.10 security update
Red Hat OpenShift Service Mesh 2.2.10 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2023-006)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.26.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2023-006 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-300)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-300 advisory. Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.2 security update
Red Hat OpenShift Service Mesh 2.4.2 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.6 security update
Red Hat OpenShift Service Mesh 2.3.6 Containers Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
CVE-2023-35944 Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...
CVE-2023-35944
CVE-2023-35944 affects Envoy. The issue arises from case-sensitive internal HTTP/2 scheme checks, allowing mixed-case schemes (e.g., htTp, htTps) to be rejected or to bypass certain requests over unencrypted connections. The vulnerability exists prior to fixed releases and is mitigated by a patch...
CVE-2023-35944 Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests wit...