Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect handling of internal redirects results in crash in Envoy
Vulnerability Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn off internal redirects if direct response entries are configured on the same listener.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
控制流实现总是不正确
Vulnerability Title
Envoy 安全漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 存在安全漏洞,该漏洞源于Envoy内部重定向选择配置了直接响应或重定向动作的路由,特使通用路由器将出现分段故障。
CVSS Information
N/A
Vulnerability Type
N/A