Description
Envoy is an open-source edge and service proxy designed for cloud-native applications. In affected versions, a crafted CONNECT request crashes Envoy when it is sent to a JWT filter configured with a regex match. This provides a denial-of-service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
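To apply the workaround you first need to know which JWT filter rules use a regex; the following audit script is an added example, not code from the Envoy project or this advisory. It assumes the Envoy configuration has already been parsed into Python dicts and lists (for example with `json.load`), that the filter is identified by its v3 `JwtAuthentication` `@type`, and that "regex match" means a `safe_regex` anywhere inside a rule's `match`. The sample configuration is constructed.

```python
# Assumption: the filter's typed_config carries this v3 type URL suffix.
JWT_TYPE_SUFFIX = "envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication"

def contains_key(node, key):
    """True if `key` appears anywhere inside a nested dict/list."""
    if isinstance(node, dict):
        return key in node or any(contains_key(v, key) for v in node.values())
    if isinstance(node, list):
        return any(contains_key(v, key) for v in node)
    return False

def find_regex_jwt_rules(node, path="$"):
    """Yield the JSON path of every JWT filter rule whose match uses safe_regex."""
    if isinstance(node, dict):
        if str(node.get("@type", "")).endswith(JWT_TYPE_SUFFIX):
            for i, rule in enumerate(node.get("rules", [])):
                # Covers path regexes and regexes nested in header matchers.
                if contains_key(rule.get("match", {}), "safe_regex"):
                    yield f"{path}.rules[{i}]"
        for key, value in node.items():
            yield from find_regex_jwt_rules(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from find_regex_jwt_rules(value, f"{path}[{i}]")

def audit(config):
    """Return the paths of all JWT rules that should be rewritten without regex."""
    return list(find_regex_jwt_rules(config))

# Constructed sample: one prefix rule (fine) and two rules that use regex.
SAMPLE_CONFIG = {"http_filters": [
    {"name": "envoy.filters.http.jwt_authn",
     "typed_config": {
         "@type": "type.googleapis.com/" + JWT_TYPE_SUFFIX,
         "rules": [
             {"match": {"prefix": "/health"}},
             {"match": {"safe_regex": {"regex": "/api/v[0-9]+/.*"}},
              "requires": {"provider_name": "idp"}},
             {"match": {"prefix": "/", "headers": [
                 {"name": "x-tenant",
                  "string_match": {"safe_regex": {"regex": "^t-.*"}}}]},
              "requires": {"provider_name": "idp"}},
         ]}},
    {"name": "envoy.filters.http.router"},
]}

if __name__ == "__main__":
    for rule_path in audit(SAMPLE_CONFIG):
        print("JWT rule uses regex match:", rule_path)
```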