Malformed request header may cause route matchers or access controls to be bypassed, resulting in escalation of privileges or information disclosure.
External References: https://groups.google.com/forum/#!topic/envoy-users/m7z5fGkCzPI https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4
This issue has been addressed in the following products: Openshift Service Mesh 1.0 OpenShift Service Mesh 1.0 Via RHSA-2019:4222 https://access.redhat.com/errata/RHSA-2019:4222
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-18802