fix(deps): update module github.com/envoyproxy/gateway to v1.8.1 [security] (release-v1.40)#5060
Open
marvin-tigera wants to merge 1 commit into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.8.0→v1.8.1Envoy Gateway custom backendRef cross-namespace ReferenceGrant bypass
CVE-2026-53718 / GHSA-fcrp-7gc2-93g7
More information
Details
Impact
Envoy Gateway accepts extension-managed custom backendRefs from an HTTPRoute to a backend resource in another namespace without requiring a matching Gateway API ReferenceGrant in the target namespace. This breaks the Gateway API cross-namespace consent model: the namespace that owns the referenced backend resource does not need to opt in with a ReferenceGrant before another namespace’s HTTPRoute can use that resource.
Patches
1.7.4
1.8.1
Severity
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit
CVE-2026-53716 / GHSA-cxpq-8v7q-cg56
More information
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
Description
getFileFromGZ calls io.ReadAll on a raw gzip.Reader (httpfetcher.go:216) with no output bound, while the compressed input is capped at 256 MiB (httpfetcher.go:139). The bytes originate from a tenant-controlled EnvoyExtensionPolicy.spec.wasm[].code.http.url (envoyextensionpolicy.go:1077 → cache.go:248 → httpfetcher.go:147 → :233), so an untrusted tenant can point at a ~10 MiB gzip-of-zeros and force ~10 GiB allocation in the shared controller process. All candidate guards execute either before the body is buffered or after decompression. OOM-kills, restarts, re-reconciles same CR, crash-loops — persistent cross-tenant control-plane outage with PR:L/AC:L and scope change → HIGH despite availability-only.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization
CVE-2026-53719 / GHSA-m2v6-2jmh-4c68
More information
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
Description:
A namespace-scoped tenant can deterministically panic the gatewayapi runner on every reconcile with a single CRD; the recover() in message/watchutil.go:53 keeps the process alive but unwinds the entire handle() callback in runner/runner.go:192, so xDS/Infra IR publishing stalls controller-wide until an admin deletes the object. Data plane keeps serving last-good config.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header
CVE-2026-53717 / GHSA-h7pq-86h8-rp5x
More information
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
Description
At imagefetcher.go:287, make([]byte, h.Size) uses the attacker-controlled tar-header size; the LimitReader at :278 bounds bytes read from the stream but not the header-declared size returned by tr.Next() (a 512-byte header can claim a multi-TB entry via PAX/GNU encoding). Reached from untrusted tenant input via EnvoyExtensionPolicy spec.wasm[].code.image.url (envoyextensionpolicy.go:1157 → cache.go:262/299 → imagefetcher.go:218 → :287), and the allocation happens for every tar entry regardless of filename. The resulting Go runtime OOM throw is unrecoverable and, because the CRD persists, crash-loops the shared controller — single-request, non-volumetric, cluster-wide DoS.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Envoy Gateway: Wasm cache ServeHTTP reads mappingPath2Cache without lock
CVE-2026-53715 / GHSA-8fv2-88gg-hm7q
More information
Details
Vulnerability report without repro case. Repro case may be added later after harness is complete.
Preconditions (4):
Description:
httpserver.go:153 reads s.mappingPath2Cache with no lock while httpserver.go:201/209 write it under s.Lock(); the struct uses a plain map. Writer is tenant-reachable via EnvoyExtensionPolicy translation, reader is pod-network-reachable on :18002 with per-request goroutines. Go's concurrent map read+write detection calls runtime.throw, which net/http's per-conn recover cannot catch, so the controller process exits — cross-tenant control-plane DoS. Capped at MEDIUM: DoS-only, k8s restarts pod, timing-dependent trigger.
Severity
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Envoy Gateway: Authentication Bypass via Improper Input Validation in EnvoyExtensionPolicy Lua Allows Secret Disclosure
CVE-2026-53713 / GHSA-wcrf-9vrr-854f
More information
Details
Impact
The
to_absolute_normalized_pathfunction (security.lua:28-43) does not collapse redundant path separators (// → /). On Linux,//etc/passwdis equivalent to/etc/passwd(POSIX path semantics), butis_critical_pathfails to match the double-slash variant because//etc/passwddoes not start with/etc/.This allows Lua code submitted as an
EnvoyExtensionPolicyto read arbitrary files from the gateway controller pod's filesystem during Strict validation (the default), including:/etc/passwd//var/run/secrets/kubernetes.io/serviceaccount/token//certs/...//proc/self/environThese credentials can be used to read sensitive information from the K8s API Server or from the Gateway XDS server.
Patches
This has been patched in versions >= v1.7.4 and v1.8.1
//to/) so double-slash variants like//etc/passwdand//var/run/secrets/...are matched by the critical-path check..or..segment in any position and across both separator styles (catches/etc/./passwd,./etc/passwd,/etc/.).Workarounds
Please refer to the
Warningsection in Lua docs for measures to reduce risk.Credits
Envoy Gateway thanks @dashingDragon and @Donjon-Cerberus for reporting this issue.
Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
envoyproxy/gateway (github.com/envoyproxy/gateway)
v1.8.1Compare Source
Release Announcement
Check out the v1.8.1 release announcement to learn more about the release.
What's Changed
Full Changelog: envoyproxy/gateway@v1.8.0...v1.8.1