CVE-2023-35942 - Critical Envoy Proxy “Use-After-Free” Vulnerability Explained
Envoy Proxy is a popular open-source edge and service proxy, vital in many cloud-native infrastructures. But like any powerful tool, it can have dangerous cracks.
CVE-2023-37918 - Dapr’s API Token Authentication Bypass — What Happened and How to Stay Safe
Dapr (Distributed Application Runtime) is a lightweight, event-driven runtime designed to help developers build resilient, microservice-based applications that can run on the cloud or edge.
CVE-2018-17453 - Stealing GitLab Access Tokens From Sentry Logs via gRPC::Unknown Exception
In late 2018, a serious vulnerability—CVE-2018-17453—was found in GitLab Community and Enterprise Editions. This bug put some access tokens at risk, potentially allowing
CVE-2023-29193 - Exposing Sensitive gRPC Preshared Keys via SpiceDB Metrics Endpoint
SpiceDB is a powerful, open-source permissions database inspired by Google's Zanzibar design. As more organizations use SpiceDB to handle critical application permissions, security
CVE-2022-29224 - Exploiting a Segmentation Fault in Envoy’s GrpcHealthCheckerImpl
Envoy is a widely used, high-performance proxy that’s become a core building block in modern cloud-native architectures. Its features, including advanced routing and upstream