PT-2023-21167 · Envoy · Envoy
Cancecen +1
Published 2023-04-04 · Updated 2024-03-06
CVE-2023-27491
CVSS v3.1 5.4 Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Envoy versions prior to 1.26.0
Envoy versions prior to 1.25.3
Envoy versions prior to 1.24.4
Envoy versions prior to 1.23.6
Envoy versions prior to 1.22.9
Description
Envoy is an open source edge and service proxy designed for cloud-native applications. A compliant HTTP/1 implementation must reject a malformed request line. Prior to the fixed versions, Envoy's HTTP/1 handling could accept such a request instead of rejecting it, and a non-compliant HTTP/1 service behind Envoy may then parse the malformed request line differently from the proxy. Because Envoy's routing, authorization and other security policies are evaluated against Envoy's own interpretation of the request, the disagreement between the two parsers can let a request reach a resource that the policy would otherwise have blocked. The issue is fixed in 1.26.0, 1.25.3, 1.24.4, 1.23.6 and 1.22.9.
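The following is an added illustration of that parser-disagreement class of bug. It is not Envoy code and it does not reproduce the specific malformed input behind CVE-2023-27491, which this page does not give. It places a strict RFC 9112 request-line parser next to two hypothetical lenient ones: a stand-in proxy that splits on the SP byte only, and a stand-in non-compliant upstream that splits on any run of whitespace. With a constructed request line that contains an HTAB, the two lenient parsers disagree about the request-target, so a path-prefix policy evaluated at the proxy is bypassed at the upstream; the strict parser rejects the line outright. The policy prefix, the sample lines and every function name here are assumptions.

```python
import re

# request-line = method SP request-target SP HTTP-version (RFC 9112 section 3).
# method is a token of RFC 9110 tchar; request-target is visible ASCII with no
# whitespace; exactly one SP separates the fields and nothing may follow.
_REQUEST_LINE = re.compile(
    r"^(?P<method>[!#$%&'*+\-.^_`|~0-9A-Za-z]+)"
    r" (?P<target>[\x21-\x7e]+)"
    r" (?P<version>HTTP/[0-9]\.[0-9])$"
)


class MalformedRequestLine(ValueError):
    """The request line does not match the RFC 9112 grammar."""


def parse_strict(line):
    """Compliant parser: accept only an exact grammar match, otherwise reject."""
    m = _REQUEST_LINE.match(line)
    if m is None:
        raise MalformedRequestLine(repr(line))
    return m.group("method"), m.group("target"), m.group("version")


def parse_split_on_sp(line):
    """Hypothetical lenient parser A (stand-in for a proxy): splits on the
    SP byte only, so an HTAB inside a field stays part of that field."""
    parts = line.split(" ")
    if len(parts) != 3:
        raise MalformedRequestLine(repr(line))
    return parts[0], parts[1], parts[2]


def parse_split_on_whitespace(line):
    """Hypothetical lenient parser B (stand-in for a non-compliant upstream):
    any run of SP or HTAB separates fields and surplus fields are ignored."""
    parts = line.split()
    if len(parts) < 3:
        raise MalformedRequestLine(repr(line))
    return parts[0], parts[1], parts[-1]


# Constructed policy enforced by the proxy: nothing under /admin may pass.
PROTECTED_PREFIX = "/admin"


def policy_allows(target):
    return not target.startswith(PROTECTED_PREFIX)


def forward_decision(line, proxy_parser):
    """Return (proxy decision, target the upstream would serve).

    The proxy parses the line with proxy_parser and applies the policy; on
    "allow" it forwards the line verbatim to the upstream, which parses it
    with parse_split_on_whitespace."""
    try:
        _, proxy_target, _ = proxy_parser(line)
    except MalformedRequestLine:
        return "reject", None
    if not policy_allows(proxy_target):
        return "deny", None
    _, upstream_target, _ = parse_split_on_whitespace(line)
    return "allow", upstream_target


def policy_bypassed(line, proxy_parser):
    """True when the proxy allowed the request but the upstream serves a
    protected target, i.e. the two parsers disagreed on the request-target."""
    decision, served = forward_decision(line, proxy_parser)
    return decision == "allow" and not policy_allows(served)


# Constructed sample request lines; the HTAB in the last one is the point.
SAMPLES = [
    "GET /public HTTP/1.1",
    "GET /admin HTTP/1.1",
    "GET\t/admin /public HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for name, parser in (("lenient", parse_split_on_sp), ("strict", parse_strict)):
            print(f"{line!r:32} proxy={name:7} -> {forward_decision(line, parser)}"
                  f" bypass={policy_bypassed(line, parser)}")
```

The lesson generalizes beyond the HTAB case: whenever a front proxy and an upstream implement different leniencies for the same wire format, the proxy's policy is only as strong as the upstream's parser, so the safe behaviour for the proxy is to reject anything outside the grammar rather than to forward it.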
Recommendations
For versions prior to 1.26.0, update to version 1.26.0 or later.
For versions prior to 1.25.3, update to version 1.25.3 or later.
For versions prior to 1.24.4, update to version 1.24.4 or later.
For versions prior to 1.23.6, update to version 1.23.6 or later.
For versions prior to 1.22.9, update to version 1.22.9 or later.
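An added helper, not from the advisory or the Envoy project, that turns the version ranges above into a check: given a release string, it reports whether the release is affected and which fixed release to upgrade to. It assumes that `envoy --version` output contains the release as the first x.y.z triple, and it treats branches older than 1.22, for which the advisory lists no fix, as affected and points them at 1.26.0; both are assumptions.

```python
import re

# First fixed patch release for each minor branch named in the advisory.
FIXED_IN = {
    (1, 26): 0,
    (1, 25): 3,
    (1, 24): 4,
    (1, 23): 6,
    (1, 22): 9,
}
NEWEST_FIXED = "1.26.0"

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a bare version such as "1.25.2" or
    from a longer banner such as the one printed by `envoy --version`
    (assumption: the release is the first x.y.z triple in the text)."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(part) for part in m.groups())


def fixed_release(version):
    """Return the release to upgrade to, or None if the version is not affected.

    Branches older than 1.22 received no fix of their own, so they are treated
    as affected and pointed at the newest fixed release (assumption)."""
    major, minor, patch = parse_version(version)
    if (major, minor) > (1, 26):
        return None
    fix_patch = FIXED_IN.get((major, minor))
    if fix_patch is None:
        return NEWEST_FIXED
    if patch >= fix_patch:
        return None
    return f"{major}.{minor}.{fix_patch}"


def is_affected(version):
    return fixed_release(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs, including one in `envoy --version` banner form.
    for sample in ("1.25.2", "1.25.3", "1.21.5", "1.27.1",
                   "envoy  version: 0123abcd/1.24.4/Clean/RELEASE/BoringSSL"):
        print(f"{sample!r}: affected={is_affected(sample)} "
              f"upgrade_to={fixed_release(sample)}")
```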
Exploit
Fix
HTTP Request/Response Smuggling
RCE
Related identifiers
Affected products
Envoy