Description
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions, a crafted request crashes Envoy when a CONNECT request is sent to a JWT filter configured with a regex match. This provides a denial-of-service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
SUSE Timeline for this CVE
CVE page created: Wed Feb 23 05:00:57 2022
CVE page last modified: Wed Oct 26 23:28:33 2022