CVE-2023-35941

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-116
View all →

Vulnerability Description

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration.

Related Vulnerabilities

CVE-2017-8303

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

CWE-1162017

CVE-2018-15494

CRITICAL
CVSS:9.8(Critical)

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CWE-1162018

CVE-2018-9246

CRITICAL
CVSS:9.8(Critical)

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting i...

CWE-1162018

CVE-2018-9433

CRITICAL
CVSS:9.8(Critical)

In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed...

CWE-1162018

CVE-2019-11325

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary...

CWE-1162019

CVE-2020-36599

CRITICAL
CVSS:9.8(Critical)

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

CWE-1162020