漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Heimdall: Case-sensitive host matching may lead to policy bypass
Vulnerability Description
Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs host matching in a case-sensitive manner, while HTTP hostnames are case-insensitive. This discrepancy can result in heimdall failing to match a rule for a request host that differs only in letter casing, potentially causing the request to be classified differently than intended. This issue has been patched in version 0.17.14.
CVSS Information
N/A
Vulnerability Type
解释冲突
Vulnerability Title
Heimdall 安全漏洞
Vulnerability Description
Heimdall是dadrus开源的一个开源的身份感知代理和访问控制决策服务,用于云原生应用程序。 Heimdall 0.17.14之前版本存在安全漏洞,该漏洞源于以区分大小写方式执行主机匹配,而HTTP主机名不区分大小写,可能导致heimdall无法匹配仅字母大小写不同的请求主机规则,导致请求分类与预期不同。
CVSS Information
N/A
Vulnerability Type
N/A