CVE-2024-45808 | Envoy up to 1.28.6/1.29.4/1.30.0 REQUESTED_SERVER_NAME neutralization for logs (GHSA-p222-xhp9-39rc)

Inserito da Angelo Barbosa | Set 20, 2024 | CVE

A vulnerability, which was classified as critical, was found in Envoy up to 1.28.6/1.29.4/1.30.0. This affects an unknown part. The manipulation of the argument REQUESTED_SERVER_NAME leads to improper output neutralization for logs.

This vulnerability is uniquely identified as CVE-2024-45808. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-45808 | Envoy up to 1.28.6/1.29.4/1.30.0 REQUESTED_SERVER_NAME neutralization for logs (GHSA-p222-xhp9-39rc)

Post correlati

CVE-2022-48939 | Linux Kernel up to 5.10.102/5.15.25/5.16.11 bpf generic_map_delete_batch infinite loop

CVE-2023-49620 | Apache DolphinScheduler up to 3.0.x Resource Center authorization

CVE-2024-25065 | Apache OFBiz up to 18.12.11 path traversal

CVE-2024-25250 | code-projects Agro-School Management System 1.0 Login Page sql injection