Showing results for tag Cve

Envoy Proxy — high severity vulnerabilities that can lead to exposure of unauthorized services.

Overview Two vulnerabilities have been discovered in the Envoy proxy that can potentially allow unauthorized access to backend resources. They are classified as of high severity according to the CVSS methodology and immediate action is needed. CVE-2019–9900 (CVSS score 8.3) When parsing HTTP/1.x header values, Envoy 1.9 and before does not reject embedded zero characters (NUL, ASCII […] Engineering | April 5, 2019
Read More