Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
Remediation
References
Related Vulnerabilities
WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5339)
WordPress Plugin Fusion Engage Local File Disclosure (1.0.5)
WordPress Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-3590)
WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)