Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoyproxy envoy 1.17.1 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-28682
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
Envoyproxy Envoy 1.14.6
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
7.5
CVSSv3
CVE-2021-29258
An issue exists in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
Envoyproxy Envoy 1.14.6
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
7.5
CVSSv3
CVE-2021-28683
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.17.1
8.2
CVSSv3
CVE-2021-21378
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_mi...
Envoyproxy Envoy 1.17.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started