x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147

GoVulnBot · 2024-09-20T01:01:22Z

Advisory CVE-2024-45808 references a vulnerability in the following Go modules:

Module
github.com/envoyproxy/envoy

Description:
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access loggers. This issue has been addressed in versions 1.31.2, 1.30.6, 1.29.9, and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References:

ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-45808
WEB: GHSA-p222-xhp9-39rc

Cross references:

github.com/envoyproxy/envoy appears in 61 other report(s):
- data/excluded/GO-2022-0330.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43824 #330) NOT_GO_CODE
- data/excluded/GO-2022-0331.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43825 #331) NOT_GO_CODE
- data/excluded/GO-2022-0332.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2021-43826 #332) NOT_GO_CODE
- data/excluded/GO-2022-0333.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21654 #333) NOT_GO_CODE
- data/excluded/GO-2022-0334.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21655 #334) NOT_GO_CODE
- data/excluded/GO-2022-0335.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21656 #335) NOT_GO_CODE
- data/excluded/GO-2022-0336.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-21657 #336) NOT_GO_CODE
- data/excluded/GO-2022-0337.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-23606 #337) NOT_GO_CODE
- data/excluded/GO-2022-0484.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29224 #484) NOT_GO_CODE
- data/excluded/GO-2022-0485.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29225 #485) NOT_GO_CODE
- data/excluded/GO-2022-0486.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29226 #486) NOT_GO_CODE
- data/excluded/GO-2022-0487.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29227 #487) NOT_GO_CODE
- data/excluded/GO-2022-0488.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2022-29228 #488) NOT_GO_CODE
- data/excluded/GO-2023-1690.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27487 #1690) NOT_GO_CODE
- data/excluded/GO-2023-1691.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27488 #1691) NOT_GO_CODE
- data/excluded/GO-2023-1692.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27491 #1692) NOT_GO_CODE
- data/excluded/GO-2023-1693.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27492 #1693) NOT_GO_CODE
- data/excluded/GO-2023-1694.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27493 #1694) NOT_GO_CODE
- data/excluded/GO-2023-1695.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-27496 #1695) NOT_GO_CODE
- data/excluded/GO-2023-1917.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35945 #1917) NOT_GO_CODE
- data/excluded/GO-2023-1921.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: GHSA-2wmf-p7f8-w42h #1921) NOT_GO_CODE
- data/excluded/GO-2023-1966.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35941 #1966) NOT_GO_CODE
- data/excluded/GO-2023-1968.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35942 #1968) NOT_GO_CODE
- data/excluded/GO-2023-1969.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35943 #1969) NOT_GO_CODE
- data/excluded/GO-2023-1970.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-35944 #1970) NOT_GO_CODE
- data/excluded/GO-2023-2106.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2023-44487 #2106) NOT_GO_CODE
- data/excluded/GO-2023-2242.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-15226 #2242) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2247.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18801 #2247) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2248.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18802 #2248) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2249.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18836 #2249) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2250.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-18838 #2250) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2260.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2019-9900 #2260) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2273.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12603 #2273) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2274.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12604 #2274) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2275.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-12605 #2275) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2279.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-15104 #2279) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2291.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25017 #2291) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2292.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-25018 #2292) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2301.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35470 #2301) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2302.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-35471 #2302) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2307.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8659 #2307) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2308.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8660 #2308) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2309.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8661 #2309) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2310.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8663 #2310) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2023-2311.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2020-8664 #2311) LEGACY_FALSE_POSITIVE
- data/excluded/GO-2024-2542.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23322 #2542) NOT_GO_CODE
- data/excluded/GO-2024-2543.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23323 #2543) NOT_GO_CODE
- data/excluded/GO-2024-2544.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23324 #2544) NOT_GO_CODE
- data/excluded/GO-2024-2545.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23325 #2545) NOT_GO_CODE
- data/excluded/GO-2024-2546.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23327 #2546) NOT_GO_CODE
- data/excluded/GO-2024-2710.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-27919 #2710) NOT_GO_CODE
- data/excluded/GO-2024-2713.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-30255 #2713) NOT_GO_CODE
- data/excluded/GO-2024-2735.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32475 #2735) NOT_GO_CODE
- data/excluded/GO-2024-2890.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-23326 #2890) NOT_GO_CODE
- data/excluded/GO-2024-2892.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32974 #2892) NOT_GO_CODE
- data/excluded/GO-2024-2893.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32975 #2893) NOT_GO_CODE
- data/excluded/GO-2024-2894.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-32976 #2894) NOT_GO_CODE
- data/excluded/GO-2024-2895.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34362 #2895) NOT_GO_CODE
- data/excluded/GO-2024-2896.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34363 #2896) NOT_GO_CODE
- data/excluded/GO-2024-2897.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-34364 #2897) NOT_GO_CODE
- data/excluded/GO-2024-2960.yaml (x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-39305 #2960) NOT_GO_CODE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/envoyproxy/envoy
      vulnerable_at: 1.31.2
summary: CVE-2024-45808 in github.com/envoyproxy/envoy
cves:
    - CVE-2024-45808
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45808
    - web: https://github.com/envoyproxy/envoy/security/advisories/GHSA-p222-xhp9-39rc
source:
    id: CVE-2024-45808
    created: 2024-09-20T01:01:21.757447315Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-09-20T16:20:23Z

Change https://go.dev/cl/614715 mentions this issue: data/excluded: add 6 reports

zpavlinovic added possibly not Go triaged labels Sep 20, 2024

zpavlinovic self-assigned this Sep 20, 2024

zpavlinovic added excluded: NOT_GO_CODE This vulnerability does not refer to a Go module. and removed possibly not Go labels Sep 20, 2024

gopherbot closed this as completed in 2c8df93 Sep 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147

GoVulnBot commented Sep 20, 2024

gopherbot commented Sep 20, 2024

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147

x/vulndb: potential Go vuln in github.com/envoyproxy/envoy: CVE-2024-45808 #3147

Comments

GoVulnBot commented Sep 20, 2024

gopherbot commented Sep 20, 2024