github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/bitnami/testdata/happy/bitnami-vulndb/data/envoy/BIT-2020-12603.json (about) 1 { 2 "schema_version": "1.5.0", 3 "id": "BIT-2020-12603", 4 "details": "Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.", 5 "aliases": [ 6 "CVE-2020-12603" 7 ], 8 "affected": [ 9 { 10 "package": { 11 "ecosystem": "bitnami", 12 "name": "envoy", 13 "purl": "pkg:bitnami/envoy" 14 }, 15 "severity": [ 16 { 17 "type": "CVSS_V3", 18 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" 19 } 20 ], 21 "ranges": [ 22 { 23 "type": "SEMVER", 24 "events": [ 25 { 26 "introduced": "0" 27 }, 28 { 29 "fixed": "1.12.4" 30 } 31 ] 32 }, 33 { 34 "type": "SEMVER", 35 "events": [ 36 { 37 "introduced": "1.13.2" 38 }, 39 { 40 "last_affected": "1.13.2" 41 } 42 ] 43 }, 44 { 45 "type": "SEMVER", 46 "events": [ 47 { 48 "introduced": "1.14.2" 49 }, 50 { 51 "last_affected": "1.14.2" 52 } 53 ] 54 } 55 ] 56 } 57 ], 58 "database_specific": { 59 "severity": "High", 60 "cpes": [ 61 "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*", 62 "cpe:2.3:a:envoyproxy:envoy:1.13.2:*:*:*:*:*:*:*", 63 "cpe:2.3:a:envoyproxy:envoy:1.14.2:*:*:*:*:*:*:*" 64 ] 65 }, 66 "references": [ 67 { 68 "type": "WEB", 69 "url": "https://github.com/envoyproxy/envoy-setec/issues/80" 70 }, 71 { 72 "type": "WEB", 73 "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6" 74 } 75 ], 76 "published": "2023-09-14T11:39:47.223Z", 77 "modified": "2023-09-14T11:39:47.223Z" 78 }