
14 matches found

Veracode
added 2026/03/27 5:30 a.m. | 5 views

Denial Of Service (DoS)

github.com/envoyproxy/envoy is vulnerable to a Denial Of Service (DoS). The vulnerability is due to a re-entry bug in the JwksFetcherImpl during failed remote JWKS fetching with multiple JWT tokens, which allows an attacker to trigger a crash by sending crafted requests that cause overlapping fetch...

CVSS 6.5 | AI score 5.9 | EPSS 0.00004
Exploits: 1 | References: 1 | Affected Software: 1
Github Security Blog
added 2025/12/05 6:12 p.m. | 6 views

Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Summary: Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. Details: This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS...

CVSS 6.5 | AI score 7.2 | EPSS 0.00004
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2025/12/05 6:12 p.m. | 3 views

GHSA-MP85-7MRQ-R866 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Summary: Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch fails. Details: This is caused by a re-entry bug in the JwksFetcherImpl. When the first token's JWKS...

CVSS 6.5 | AI score 7.2 | EPSS 0.00004
Exploits: 1 | References: 3
Vulnrichment
added 2025/12/03 6:4 p.m. | 1 views

CVE-2025-64527 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch...

CVSS 6.5 | AI score 6.8 | EPSS 0.00004
Exploits: 1 | References: 1
CVE
added 2025/12/03 6:4 p.m. | 12 views

CVE-2025-64527

Envoy vulnerability CVE-2025-64527: In versions 1.33.12, 1.34.10, 1.35.6, 1.36.2 and earlier, a re-entry bug in JwksFetcherImpl triggers a crash when JWT authentication uses remote JWKS with allow_missing_or_failed and multiple tokens in headers if the JWKS fetch fails. The first token’s JWKS fet...

CVSS 6.5 | AI score 6.8 | EPSS 0.00004
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/03 6:4 p.m. | 11 views

CVE-2025-64527 Envoy crashes when JWT authentication is configured with the remote JWKS fetching

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy crashes when JWT authentication is configured with the remote JWKS fetching, allow_missing_or_failed is enabled, multiple JWT tokens are present in the request headers and the JWKS fetch...

CVSS 6.5 | EPSS 0.00004
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/03 12:0 a.m. | 3 views

PT-2025-48969

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.33.12 through 1.36.2. Description: Envoy, a high-performance edge/middle/service proxy, experiences crashes when JWT authentication is configured with remote JWKS fetching enabled, allow missing or failed is set to true, multipl...

CVSS 6.5 | AI score 6.9 | EPSS 0.00004
Exploits: 1 | References: 10
Amazon
added 2024/11/14 12:0 a.m. | 2 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

CVSS 7.5 | AI score 8.1 | EPSS 0.00796
Exploits: 2
OSV
added 2024/09/21 7:10 a.m. | 13 views

BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS 7.5 | AI score 6.3 | EPSS 0.00129
Exploits: 0 | References: 2
RedhatCVE
added 2024/09/20 5:16 a.m. | 23 views

CVE-2024-45809

A flaw was found in Envoy. JWT filter will lead to a crash in Envoy when clearing the route cache with remote JWKs in the following cases: 1. Remote JWKs are used, which requires async header processing 2. clear_route_cache is enabled on the provider 3. Header operations are enabled in JWT filter,...

CVSS 7.5 | AI score 7 | EPSS 0.00129
Exploits: 0 | References: 4
NVD
added 2024/09/20 12:15 a.m. | 19 views

CVE-2024-45809

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS 7.5 | EPSS 0.00129
Exploits: 0 | References: 1
OSV
added 2024/09/19 11:34 p.m. | 5 views

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS 5.3 | AI score 7.4 | EPSS 0.00129
Exploits: 0 | References: 3
Cvelist
added 2024/09/19 11:34 p.m. | 30 views

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS 5.3 | EPSS 0.00129
Exploits: 0 | References: 1
Vulnrichment
added 2024/09/19 11:34 p.m. | 22 views

CVE-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS 5.3 | AI score 7.1 | EPSS 0.00129
Exploits: 0 | References: 1