CVE-2023-30845P2CRITICALCVSS 9.8≥ 2.20.0, < 2.43.02023-04-26
CVE-2023-30845 [CRITICAL] CWE-287 CVE-2023-30845: ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructu
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.
ESPv2 allows malicious requests to bypass authe
nvd