Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Envoy forwards invalid Http2/Http3 downstream headers
Vulnerability Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Envoy 环境问题漏洞
Vulnerability Description
Envoy是一款开源的分布式代理服务器。 Envoy存在环境问题漏洞,该漏洞源于不兼容的 HTTP/1 服务允许格式错误的请求,从而导致安全策略被绕过。以下是受影响的版本:1.26.0之前版本,1.25.3之前版本,1.24.4之前版本,1.23.6之前版本,1.22.9之前版本。
CVSS Information
N/A
Vulnerability Type
N/A