Unrated severityNVD Advisory· Published Jun 4, 2024· Updated Aug 1, 2024

Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

CVE-2024-23326

Description

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.

Affected products

Envoyproxy/Envoyv5
Range: >= 1.13.0, <= 1.30.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74cmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000