Количество 8
Количество 8
BDU:2023-04197
Уязвимость фильтра HTTP CORS прокси-сервера Envoy, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)
CVE-2023-35943
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.
CVE-2023-35943
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration.
CVE-2023-35943
Envoy is an open source edge and service proxy designed for cloud-nati ...
ELSA-2023-12781
ELSA-2023-12781: istio security update (IMPORTANT)
ELSA-2023-12780
ELSA-2023-12780: istio security update (IMPORTANT)
ELSA-2023-12772
ELSA-2023-12772: olcne security update (IMPORTANT)
ELSA-2023-12771
ELSA-2023-12771: istio security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-04197 Уязвимость фильтра HTTP CORS прокси-сервера Envoy, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS) | CVSS3: 6.3 | 0% Низкий | около 2 лет назад |
 | CVE-2023-35943 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | CVE-2023-35943 Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. | CVSS3: 6.3 | 0% Низкий | около 2 лет назад |
| CVE-2023-35943 Envoy is an open source edge and service proxy designed for cloud-nati ... | CVSS3: 6.3 | 0% Низкий | около 2 лет назад |
| ELSA-2023-12781 ELSA-2023-12781: istio security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12780 ELSA-2023-12780: istio security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12772 ELSA-2023-12772: olcne security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2023-12771 ELSA-2023-12771: istio security update (IMPORTANT) | около 2 лет назад |
Уязвимостей на страницу