Envoy Proxy Improper Encoding or Escaping of Output Vulnerability - CVE-2024-45808

Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access loggers. This issue has been addressed in versions 1.31.2 1.30.6 1.29.9 and 1.28.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.