Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions, a crafted request crashes Envoy when a CONNECT request is sent to a JWT filter configured with a regex match. This provides a denial-of-service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
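To apply the workaround you first need to know which JWT filter rules use a regex. The following is an added example, not code from the Envoy project or from this advisory: it walks an Envoy configuration in JSON form and reports every `jwt_authn` rule whose path matcher is `safe_regex`. It assumes the "regex match" in the description corresponds to that field, checks only the filter's top-level `rules` list, and runs on a constructed sample config.

```python
import json

JWT_AUTHN = "envoy.filters.http.jwt_authn"

# Constructed sample: fragment of an Envoy bootstrap in JSON form (not from the advisory).
SAMPLE = """
{"static_resources": {"listeners": [{"filter_chains": [{"filters": [{
  "name": "envoy.filters.network.http_connection_manager",
  "typed_config": {"http_filters": [
    {"name": "envoy.filters.http.jwt_authn",
     "typed_config": {
       "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication",
       "rules": [
         {"match": {"prefix": "/health"}},
         {"match": {"safe_regex": {"regex": "/api/v[0-9]+/.*"}},
          "requires": {"provider_name": "example_idp"}}
       ]}},
    {"name": "envoy.filters.http.router"}
  ]}}]}]}]}}
"""

def walk(node, path="$"):
    """Yield (path, dict) for every dict nested anywhere in the config."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")

def find_regex_jwt_rules(config):
    """Return (rule path, regex) for each jwt_authn rule matched by safe_regex."""
    findings = []
    for path, node in walk(config):
        typed = node.get("typed_config")
        if not isinstance(typed, dict):
            continue
        is_jwt = (node.get("name") == JWT_AUTHN
                  or str(typed.get("@type", "")).endswith("JwtAuthentication"))
        if not is_jwt:
            continue
        for i, rule in enumerate(typed.get("rules", [])):
            regex = rule.get("match", {}).get("safe_regex")
            if regex is not None:
                findings.append((f"{path}.typed_config.rules[{i}]", regex.get("regex")))
    return findings

if __name__ == "__main__":
    for where, pattern in find_regex_jwt_rules(json.loads(SAMPLE)):
        print(f"regex JWT rule at {where}: {pattern}")
```

An empty result means no top-level JWT rule uses a regex path matcher; any finding is a rule to rewrite with a non-regex matcher until the proxy is upgraded.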