| |
Vulnerability CVE-2024-45808
Published: 2024-09-20
| Description: |
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the `REQUESTED_SERVER_NAME` field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
Type:
CWE-117 (Improper Output Neutralization for Logs)
References: |
https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
