Red Hat OpenShift Service Mesh is Red Hat’s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

Security Fix(es):

* envoy: Client may fake the header `x-envoy-original-path` (CVE-2023-27487)

* envoy: envoy doesn’t escape HTTP header values (CVE-2023-27493)

* envoy: gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received (CVE-2023-27488)

* envoy: Envoy forwards invalid HTTP/2 and HTTP/3 downstream (CVE-2023-27491)

* envoy: Crash when a large request body is processed in Lua filter (CVE-2023-27492)

* envoy: Crash when a redirect url without a state param is received in the oauth filter (CVE-2023-27496)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Read More