Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-27493

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.

Published

2023-04-04T20:15:07.463

Last Modified

2024-11-21T07:53:01.060

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	envoyproxy	envoy	< 1.22.9	Yes
Application	envoyproxy	envoy	< 1.23.6	Yes
Application	envoyproxy	envoy	< 1.24.4	Yes
Application	envoyproxy	envoy	< 1.25.3	Yes

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q Exploit, Vendor Advisory ([email protected])
https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)