Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure.
This issue has been addressed in the following products:
Openshift Service Mesh 1.0
OpenShift Service Mesh 1.0
Via RHSA-2019:4222 https://access.redhat.com/errata/RHSA-2019:4222
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):