Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reachable assertion in Envoy
Vulnerability Description
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
可达断言
Vulnerability Title
Envoy 资源管理错误漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy 1.22.1 之前的版本存在安全漏洞,该漏洞源于OAuth 过滤器会在发出本地响应后尝试调用链中剩余的过滤器,这会在较新版本中触发 ASSERT() 并破坏较早版本中的内存。
CVSS Information
N/A
Vulnerability Type
N/A