Vulnerabilities

CVE-2019-9900

by Fred · 25/04/2019

When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources.

Date published : 2019-04-25

https://github.com/envoyproxy/envoy/issues/6434

https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h

Similar

Tags: Cybersecurity Alert