CVEs reported by Envoy and Go.
|CVSS Impact Score||7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H|
|Affected Releases||All releases prior to 1.17.0|
1.17.0 to 1.17.6
1.18.0 to 1.18.3
1.19.0 to 1.19.1
CVE-2023-44487: (CVSS Score 7.5, High): HTTP/2 denial of service
CVE-2023-39325: (CVSS Score 7.5, High): HTTP/2 denial of service
Am I Impacted?
You are impacted If you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.