CVE-2024-23326

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23326

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23326.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23326

Aliases

BIT-envoy-2024-23326

Related

GHSA-vcf8-7238-v74c

Published

2024-06-04T21:15:33Z

Modified

2025-02-19T03:37:15.164400Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.

References

https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type: GIT
Repo: https://github.com/envoyproxy/envoy
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

84d6d3ae2d687626e9fa0dd6560acc6107ac4c2c

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.18.1

v1.18.2

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.27.1

v1.27.2

v1.27.3

v1.27.4

v1.27.5

v1.3.0

v1.4.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0