Description
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.
Remediation
References
Related Vulnerabilities
TYPO3 Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-6370)
WordPress Plugin Gravity Forms FreshDesk Cross-Site Scripting (1.2.8)
WordPress Plugin WP Coder-add custom html, css and js code SQL Injection (2.5.3)
Apache Tomcat version older than 5.5.26
WordPress Plugin WP YouTube Live Cross-Site Scripting (1.8.2)