VDB
EN
MEDIUM 6.5

GHSA-m2v6-2jmh-4c68

Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization

상세

Vulnerability report without repro case. Repro case may be added later after harness is complete.

**Preconditions (4):** - Tenant has SecurityPolicy + TCPRoute RBAC (baseline) - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted (the trigger) - No admission webhook blocks the shape

**Description:**

A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/envoyproxy/gateway
최초 영향 버전: 1.8.0-rc.0 수정 버전: 1.8.1
수정 go get github.com/envoyproxy/gateway@v1.8.1
Go / github.com/envoyproxy/gateway
최초 영향 버전: 0 수정 버전: 1.7.4
수정 go get github.com/envoyproxy/gateway@v1.7.4

참고