Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.
{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"cpe:2.3:a:envoyproxy:envoy:1.19.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.16.4"
},
{
"introduced": "1.17.0"
},
{
"fixed": "1.17.4"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.4"
},
{
"introduced": "1.19.0"
},
{
"last_affected": "1.19.0"
}
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:pomerium:pomerium:*:*:*:*:*:*:*:*",
"cpe:2.3:a:pomerium:pomerium:0.15.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "0.14.8"
},
{
"introduced": "0.15.0"
},
{
"last_affected": "0.15.0"
}
]
}