Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23326

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.

Published

2024-06-04T21:15:33.440

Last Modified

2024-11-21T08:57:30.870

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-391
Type: Primary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	envoyproxy	envoy	< 1.27.6	Yes
Application	envoyproxy	envoy	< 1.28.4	Yes
Application	envoyproxy	envoy	< 1.29.5	Yes
Application	envoyproxy	envoy	< 1.30.2	Yes

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c Vendor Advisory ([email protected])
https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)