4 matches found
zip
This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...
A vulnerability in the HTTP CORS filter of the Envoy proxy server allows an attacker to carry out a DoS attack.
The vulnerability in the HTTP CORS filter of the Envoy proxy server is a use of memory after it has been freed. Exploiting this vulnerability allows a remote attacker to perform a DoS attack by removing the origin header between the decodeHeaders and encodeHeaders operations...
PT-2023-3902 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0; Envoy versions prior to 1.26.4; Envoy versions prior to 1.25.9; Envoy versions prior to 1.24.10; Envoy versions prior to 1.23.12. Description: The issue is related to a use-after-free error in the HTTP CORS filter o...
envoy: oauth filter calls continueDecoding() from within decodeHeaders()
A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions...