Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cilium's Gateway API route matching order contradicts specification
Vulnerability Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched. This could result in unexpected behaviour with security This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
Cilium 安全漏洞
Vulnerability Description
Cilium是Cilium开源的一个开源软件。用于提供和透明地保护应用程序工作负载(如应用程序容器或进程)之间的网络连接和负载平衡。 Cilium 1.15.8和1.16.1之前版本存在安全漏洞,该漏洞源于没有遵循Gateway API规范中指定的匹配优先级,请求标头在请求方法之前匹配,而规范描述在匹配标头之前必须遵循请求方法,导致与安全相关的意外行为。
CVSS Information
N/A
Vulnerability Type
N/A