46 matches found

OSV
added 2022/05/24 4:44 p.m. · 26 views

GHSA-2WMF-P7F8-W42H EnvoyProxy Envoy Missing HTTP URL path normalization

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provide...

CVSS 10 · AI score 8.1 · EPSS 0.03732
Exploits 1 · References 8
Github Security Blog
added 2022/05/24 4:44 p.m. · 35 views

EnvoyProxy Envoy Missing HTTP URL path normalization

Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide an attacker access beyond the scope provide...

CVSS 10 · AI score 6.9 · EPSS 0.0268
Exploits 0 · References 8 · Affected Software 1
OpenVAS
added 2022/05/08 12:00 a.m. · 15 views

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 10 · EPSS 0.03931
Exploits 0 · References 2
Fedora
added 2022/05/07 5:06 a.m. · 20 views

[SECURITY] Fedora 36 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc36

Protoc plugin to generate polyglot message validators...

CVSS 7.5 · AI score 2.9 · EPSS 0.03931
Exploits 0
OpenVAS
added 2022/04/29 12:00 a.m. · 9 views

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-5cbd6de569)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 10 · EPSS 0.03931
Exploits 0 · References 2
OpenVAS
added 2022/04/29 12:00 a.m. · 16 views

Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-3a63897745)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 10 · EPSS 0.03931
Exploits 0 · References 2
Fedora
added 2022/04/28 5:53 a.m. · 27 views

[SECURITY] Fedora 35 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35

Protoc plugin to generate polyglot message validators...

CVSS 7.5 · AI score 2.9 · EPSS 0.03931
Exploits 0
RedHat Linux
added 2021/11/02 1:06 p.m. · 3 views

envoyproxy/envoy: excessive CPU usage when handling a large number of HTTP/2 requests

An uncontrolled resource consumption vulnerability was found in envoyproxy/envoy. When envoy handles a large number of HTTP/2 requests which open and then reset the connection, it can cause excessive CPU usage. This flaw allows an attacker to cause a denial of service on the proxy. The highest...

CVSS 7.5 · AI score 7.1 · EPSS 0.0123
Exploits 0 · References 5
Positive Technologies
added 2021/09/09 12:00 a.m. · 8 views

PT-2021-22458 · Pomerium +1

Name of the Vulnerable Software and Affected Versions: envoyproxy envoy, pomerium affected versions not specified Description: The issue concerns a problem in envoyproxy envoy and pomerium. No specific details about the nature of the issue or its potential impact are provided. Recommendations: At...

CVSS 8.6 · AI score 8.4 · EPSS 0.01457
Exploits 0 · References 11
Veracode
added 2021/08/29 7:44 p.m. · 32 views

Authorization Bypass

servicemesh-proxy is vulnerable to authorization bypass. It allows specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed...

CVSS 8.6 · AI score 3.1 · EPSS 0.03325
Exploits 0 · References 6 · Affected Software 1
Tenable Nessus
added 2021/08/25 12:00 a.m. · 28 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.1.17.1 (RHSA-2021:3273)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3273 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.6 · AI score 7.7 · EPSS 0.03325
Exploits 0 · References 12
Tenable Nessus
added 2021/08/25 12:00 a.m. · 42 views

RHEL 8 : Red Hat OpenShift Service Mesh 2.0.7.1 (RHSA-2021:3272)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3272 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.6 · AI score 7.7 · EPSS 0.03325
Exploits 0 · References 12
RedhatCVE
added 2021/08/24 10:15 p.m. · 43 views

CVE-2021-32780

A vulnerability was found in envoyproxy/envoy, in which the application terminates abruptly. The error occurs when envoy receives a GOAWAY frame followed by a SETTINGS frame with the parameter SETTINGS_MAX_CONCURRENT_STREAMS set to 0. This flaw allows an attacker to cause a denial of service on the...

CVSS 8.6 · AI score 4.2 · EPSS 0.0123
Exploits 0 · References 4
RedhatCVE
added 2021/08/24 10:14 p.m. · 47 views

CVE-2021-32781

An out-of-bounds memory read vulnerability was found in envoyproxy/envoy. When using one of the following envoy extensions, it is possible to modify and increase the request or response body size of the following: the decompressor, json-transcoder, grpc-web, or other proprietary extensions. This...

CVSS 8.6 · AI score 3.1 · EPSS 0.0133
Exploits 0 · References 4
RedhatCVE
added 2021/08/24 10:14 p.m. · 61 views

CVE-2021-32779

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

CVSS 8.6 · AI score 2.4 · EPSS 0.00948
Exploits 0 · References 4
Tenable Nessus
added 2021/05/12 12:00 a.m. · 39 views

RHEL 8 : Red Hat OpenShift Service Mesh 2.0.4 (RHSA-2021:1538)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1538 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 8.3 · AI score 7.3 · EPSS 0.68383
Exploits 1 · References 6
CNNVD
added 2021/05/11 12:00 a.m. · 6 views

Envoyproxy path traversal vulnerability

Envoy is an open source distributed proxy server. Envoy is vulnerable to a path traversal vulnerability that could be exploited by an attacker to bypass the program's authorization services...

CVSS 8.3 · AI score 5.7 · EPSS 0.68383
Exploits 0 · References 4
Veracode
added 2021/04/24 10:47 p.m. · 30 views

Denial Of Service (DoS)

servicemesh-proxy is vulnerable to denial of service. A NULL pointer dereference vulnerability in envoyproxy/envoy allows an attacker to crash the application by establishing a TLS session that sends an invalid TLS alert code, resulting in a denial of service...

CVSS 7.5 · AI score 3.7 · EPSS 0.01686
Exploits 0 · References 8 · Affected Software 1
Tenable Nessus
added 2021/04/22 12:00 a.m. · 35 views

RHEL 8 : Red Hat OpenShift Service Mesh 1.1.13 (RHSA-2021:1322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1322 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...

CVSS 7.5 · AI score 7.1 · EPSS 0.0204
Exploits 1 · References 10
RedhatCVE
added 2021/04/15 9:18 p.m. · 24 views

CVE-2021-29258

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...

CVSS 7.5 · AI score 1.9 · EPSS 0.01738
Exploits 0 · References 5