Unknown · Envoy Gateway · CVE-2025-25294
**Name of the Vulnerable Software and Affected Versions**
Envoy Gateway versions prior to 1.2.7
Envoy Gateway versions prior to 1.3.1
**Description**
The default Envoy Proxy access log configuration used by Envoy Gateway is vulnerable to log injection: an attacker can send a specially crafted User-Agent header to perform JSON injection, adding or overwriting fields in the access log.
**Recommendations**
For versions prior to 1.2.7, update to version 1.2.7 to resolve the issue.
For versions prior to 1.3.1, update to version 1.3.1 to resolve the issue.
As a temporary workaround, consider modifying the `EnvoyProxy.spec.telemetry.accessLog` setting to use a JSON formatter instead of the old text-based default format.
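As an added illustration (not code from the advisory or from the Envoy Gateway project), the Python below models the weak pattern in simplified form: a text-format template that builds a JSON-shaped line by raw substitution, beside a true JSON serializer as the workaround uses, plus a check that surfaces the duplicate keys an injection leaves behind. The template and the sample request are constructed; the template is not Envoy's actual default format string.

```python
import json
from collections import Counter

# Constructed, simplified stand-in for a text-based access log format that
# builds a JSON-shaped line by raw string substitution (the weak pattern the
# advisory describes). This is not Envoy's real default format string.
TEXT_TEMPLATE = ('{"method":"%METHOD%","authority":"%AUTHORITY%",'
                 '"user_agent":"%UA%","code":%CODE%}')

# Constructed sample request: the User-Agent carries a JSON fragment.
CRAFTED_REQUEST = {
    "method": "GET",
    "authority": "shop.example",
    "user_agent": 'curl/8.0","authority":"attacker.example","injected":"yes',
    "code": 200,
}


def render_text_format(req: dict) -> str:
    """Weak: header values are substituted verbatim, with no JSON escaping."""
    return (TEXT_TEMPLATE
            .replace("%METHOD%", req["method"])
            .replace("%AUTHORITY%", req["authority"])
            .replace("%UA%", req["user_agent"])
            .replace("%CODE%", str(req["code"])))


def render_json_format(req: dict) -> str:
    """Hardened: a real JSON serializer escapes quotes, so header content can
    never close a string or introduce new keys (the effect of the workaround)."""
    fields = {k: req[k] for k in ("method", "authority", "user_agent", "code")}
    return json.dumps(fields, separators=(",", ":"))


def parse_log_line(line: str) -> dict:
    """What a typical log consumer does; json.loads() keeps the LAST value of a
    repeated key, which is how an injected field overwrites a genuine one."""
    return json.loads(line)


def duplicate_keys(line: str) -> list[str]:
    """Detection aid: parse with a pairs hook so repeated keys become visible
    instead of being silently collapsed."""
    seen: list[str] = []

    def keep_all(pairs):
        seen.extend(k for k, _ in pairs)
        return dict(pairs)

    json.loads(line, object_pairs_hook=keep_all)
    return sorted(k for k, n in Counter(seen).items() if n > 1)
```

Running `duplicate_keys` over existing access logs is a cheap way to find lines that were already tampered with before the upgrade or workaround was applied.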