Authentication Bypass
Discription

github.com/GoogleCloudPlatform/esp-v2 is vulnerable to Authentication Bypass. The vulnerability exists because the library does not properly filter the malicious HTTP headers, which allows an attacker to send maliciously crafted `X-HTTP-Method-Override` header values to bypass JWT authentication in specific cases.Read More

References

https://github.com/GoogleCloudPlatform/esp-v2/pull/801https://github.com/GoogleCloudPlatform/esp-v2/commit/e95670146f5e96bb5565b0a9c1e153886b3e04cehttps://github.com/GoogleCloudPlatform/esp-v2/security/advisories/GHSA-6qmp-9p95-fc5fhttps://github.com/GoogleCloudPlatform/esp-v2/commit/0bcdfc024ce96b34db4e1b4f2211b509d9be93cdhttps://github.com/GoogleCloudPlatform/esp-v2/commit/e98061ee4527a564506ba4e814c0ecf324dc2c6f

Back to Main
Subscribe for the latest news: