open-consul

Commit Graph

Author	SHA1	Message	Date
Michael Zalimeni	4cae008559	Disable remote proxy patching except AWS Lambda (#17415 ) To avoid unintended tampering with remote downstreams via service config, refactor BasicEnvoyExtender and RuntimeConfig to disallow typical Envoy extensions from being applied to non-local proxies. Continue to allow this behavior for AWS Lambda and the read-only Validate builtin extensions. Addresses CVE-2023-2816.	2023-05-23 11:55:06 +00:00

Author

SHA1

Message

Date

Michael Zalimeni

4cae008559

Disable remote proxy patching except AWS Lambda (#17415 )

To avoid unintended tampering with remote downstreams via service
config, refactor BasicEnvoyExtender and RuntimeConfig to disallow
typical Envoy extensions from being applied to non-local proxies.

Continue to allow this behavior for AWS Lambda and the read-only
Validate builtin extensions.

Addresses CVE-2023-2816.

2023-05-23 11:55:06 +00:00

1 Commits