Unrated severityNVD Advisory· Published Sep 19, 2024· Updated Sep 20, 2024
Malicious log injection via access logs in envoy
CVE-2024-45808
Description
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: >= 1.31.0, < 1.31.2
Patches
Vulnerability mechanics
References
1- github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rcmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.