Description
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2007 Vulnerability (CVE-2021-2007)
WordPress 4.9.x Cross-Domain Flash Injection Vulnerability (4.9 - 4.9.1)
WordPress Plugin Apptivo eCommerce Multiple Cross-Site Scripting Vulnerabilities (1.1.5)
WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)