CVE-2023-27492

Published: 04/04/2023 Updated: 07/11/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Description: A flaw was found in Envoy. This issue may allow malicious users to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash.

Vulnerable Product

envoyproxy envoy

Vendor Advisories

Synopsis: Important: Red Hat OpenShift Service Mesh 2.2.9 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Service Mesh 2.2.9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request ...
Description: A flaw was found in Envoy. This issue may allow attackers to send large request bodies for routes that have the Lua filter enabled, which will trigger a crash. ...