GHSA-X2W3-23JR-HRPF ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

Summary The encodeheaders function in src/ewe/internal/encoder.gleam directly interpolates response header keys and values into raw HTTP bytes without validating or stripping CRLF \r\n sequences. An application that passes user-controlled data into response headers e.g., setting a Location redire...

The vulnerability of the HTTP CORS filter of the Envoy proxy server allows a perpetrator to execute a DoS attack.

The vulnerability of the HTTP CORS proxy server Envoy’s filter relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to perform a DoS attack by removing the origin header between the decodeHeaders and encodeHeaders operations...

PT-2023-3902 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.27.0 Envoy versions prior to 1.26.4 Envoy versions prior to 1.25.9 Envoy versions prior to 1.24.10 Envoy versions prior to 1.23.12 Description: The issue is related to a use-after-free error in the HTTP CORS filter o...