Description

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.

Remediation

References

CVE-2020-12603

Related Vulnerabilities

Drupal Core 7.x Information Disclosure (7.0 - 7.14)

WordPress Plugin Child Theme Creator by Orbisius Arbitrary File Modification (1.2.6)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)

WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)

WordPress Plugin Advanced Custom Fields (ACF) PHP Object Injection (6.0.7)

Severity

High

Classification

CVE-2020-12603 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities