CVE-2025-0752
Published: 2025-01-28
Severity: High, 7.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| redhat | openshift_service_mesh | — | — |
| redhat | openshift_service_mesh | — | — |