An authorization bypass vulnerability was found in envoyproxy/envoy. Envoy incorrectly evaluates an HTTP request with multiple `value` headers. This flaw allows an malicious user to bypass rule policies that use the `ext_authz` extension. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
envoyproxy envoy 1.19.0 |
||
envoyproxy envoy |