Security Advisory

CVE-2021-43824

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-22 22:15:10

Last updated 2025-04-23 19:01:55

Assigner GitHub_M

State PUBLISHED

Description

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaround is to not use regex in the JWT filter. Users are advised to upgrade.

← Browse all CVEs View on cve.org ↗