Malformed HTTP request without the Host header may cause abnormal termination of the Envoy process
Note the alias for this issue is CVE-1019-18838 but should be CVE-2019-18838, I've updated the summary but there appears to be something else to be updated by the security team. Tim added the same comment on 25th November.
This issue has been addressed in the following products:
Openshift Service Mesh 1.0
OpenShift Service Mesh 1.0
Via RHSA-2019:4222 https://access.redhat.com/errata/RHSA-2019:4222
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):