Alyssa Wilk

**Nome do software vulnerável e versões afetadas** Versões do CNCF Envoy anteriores à 1.13.1 **Descrição** O problema está relacionado ao consumo excessivo de memória ao responder internamente a solicitações em pipeline. **Recomendações** Para versões anteriores à 1.13.1, atualize para a versão 1.13.1 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Envoy version 1.12.0 **Description** An issue was discovered where an untrusted remote client can send an HTTP header, such as the `Host` header, with whitespace after the header content. This allows the client to bypass matchers, for example, by sending a `Host` header with a value of "example.com " to bypass an "example.com" matcher. **Recommendations** For Envoy version 1.12.0, as a temporary workaround, consider restricting the use of HTTP headers with whitespace after the header content until a patch is available.