3 matches found
CVE-2025-25294 vulnerabilities
Vulnerabilities for packages: tigera-operator...
CVE-2025-25294 vulnerabilities
Vulnerabilities for packages: tigera-operator-fips, tigera-operator...
CVE-2025-25294
Envoy Gateway has a log injection vulnerability in its default Envoy Proxy access log configuration on affected releases prior to 1.2.7 and 1.3.1. A crafted user-agent could trigger JSON injection, allowing modification of the access log. The issue is fixed in 1.2.7 and 1.3.1 by updating EnvoyPro...