CVSS3: 8.2 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.001 Low
Percentile: 20.9%
github.com/envoyproxy/envoy is vulnerable to Authentication Bypass. The library supports mixed-case schemes for HTTP/2; however, internal checks that are case-sensitive may result in rejections or bypasses in unencrypted connections, possibly harming htTp and htTps requests.
github.com/envoyproxy/envoy/commit/6ba9c2b8753f02234da476a4d1d1a961052cfe35
github.com/envoyproxy/envoy/commit/706f9ead7368da269985c90611d876eae8b9261d
github.com/envoyproxy/envoy/commit/f0a2a4cc525c6d864f66f777fc73f535d1a04e01
github.com/envoyproxy/envoy/commit/fd770b37afa32bf2b504138e8408fb5f8ea20d1d
github.com/envoyproxy/envoy/security/advisories/GHSA-pvgm-7jpg-pw5g