Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Envoy Proxy Other Vulnerability (CVE-2024-34363)

Description

Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.

Remediation

References

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000862)

Magento Improper Authorization Vulnerability (CVE-2021-21026)

PHP Improper Input Validation Vulnerability (CVE-2009-3291)

WordPress Plugin Google Map Generator Cross-Site Scripting (1.3.1)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-4978)

Severity

High

Classification

CVE-2024-34363 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities