
Alyssa Wilk

Researcher from Google
#15702 of 53,633
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1

PT-2020-20255 · CVSS 7.5 · 2020-03-04
Cncf · Envoy · CVE-2020-8661

**Name of the Vulnerable Software and Affected Versions**
CNCF Envoy versions prior to 1.13.1

**Description**
The issue is related to excessive memory consumption when responding internally to pipelined requests.

**Recommendations**
For versions prior to 1.13.1, update to version 1.13.1 or later to resolve the issue.

PT-2019-15674 · CVSS 9.8 · 2019-12-13
Envoy · Envoy · CVE-2019-18802

**Name of the Vulnerable Software and Affected Versions**
Envoy version 1.12.0

**Description**
An issue was discovered where an untrusted remote client can send an HTTP header, such as the `Host` header, with whitespace after the header content. This allows the client to bypass matchers, for example, by sending a `Host` header with a value of "example.com " to bypass an "example.com" matcher.

**Recommendations**
For Envoy version 1.12.0, as a temporary workaround, consider restricting the use of HTTP headers with whitespace after the header content until a patch is available.