EUVD-2024-20838
Malicious code in bioql PyPI...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2024-543)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-543 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1...
Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-034)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.27.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-034 advisory. Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happ...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial of Service (DoS). The vulnerability is due to a regular expression that is compiled for every request. This can result in high CPU usage and increased request latency when multiple routes are configured with such matchers...
Cross site request forgery (csrf)
Envoy is a high-performance edge/middle/service proxy. The regular expression is compiled for every request, which can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and...
CVE-2024-23323 Excessive CPU usage when URI template matcher is configured using regex in Envoy
Envoy is a high-performance edge/middle/service proxy. The regular expression is compiled for every request, which can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and...