GHSA-m2v6-2jmh-4c68
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
**Preconditions (4):** - Tenant has SecurityPolicy + TCPRoute RBAC (baseline) - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted (the trigger) - No admission webhook blocks the shape
**Description:**
A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.
Are you affected?
Enter the version of the package you're using.
Affected packages
1.8.0-rc.0 Fixed in: 1.8.1 go get github.com/envoyproxy/gateway@v1.8.1 0 Fixed in: 1.7.4 go get github.com/envoyproxy/gateway@v1.7.4