Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Null pointer dereference in envoy
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
空指针解引用
Vulnerability Title
Envoy 代码问题漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在代码问题漏洞,该漏洞源于在受影响的版本中,当CONNECT请求被发送到配置了regex匹配的JWT过滤器时,精心设计的请求会崩溃。
CVSS Information
N/A
Vulnerability Type
N/A