CVE-2021-32777 - log

CVE-2021-32777 edited at 25 Aug 2021 10:18:55
Description
- Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an incomplete authorization policy check when the ext_authz extension is used. When a request header contains multiple values, the external authorization server will only see the last value of the given header. See CVE-2021-32777 for more information.
+ Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an incomplete authorization policy check when the ext_authz extension is used. When a request header contains multiple values, the external authorization server will only see the last value of the given header.
CVE-2021-32777 edited at 25 Aug 2021 10:17:22
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an incomplete authorization policy check when the ext_authz extension is used. When a request header contains multiple values, the external authorization server will only see the last value of the given header. See CVE-2021-32777 for more information.
References
+ https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32777
CVE-2021-32777 created at 25 Aug 2021 10:15:50
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes