CVE-2024-23326

HIGH8.2EPSS 0.08%

Envoy incorrectly accepts HTTP 200 response for entering upgrade mode

發布日:2024/6/6修改日:2025/10/15

描述

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.

受影響套件(1)

Bitnami/envoyfrom 0, < 1.27.6, >= 1.28.0, < 1.28.4, >= 1.29.0, < 1.29.5, >= 1.30.0, < 1.30.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

參考連結(2)

WEBhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-23326