Vulmon
envoyproxy envoy vulnerabilities and exploits
6.4
CVSSv2
CVE-2022-29226
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the cu...
Envoyproxy Envoy
6.4
CVSSv2
CVE-2021-21378
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_mi...
Envoyproxy Envoy 1.17.0
5.8
CVSSv2
CVE-2022-21656
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allo...
Envoyproxy Envoy
5.8
CVSSv2
CVE-2020-35470
Envoy prior to 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Envoyproxy Envoy
5.5
CVSSv2
CVE-2020-15104
In Envoy prior to 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name to apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.exam...
Envoyproxy Envoy
5
CVSSv2
CVE-2022-29228
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecodin...
Envoyproxy Envoy
5
CVSSv2
CVE-2022-29225
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow a malicious user to zip bomb the decompressor by sending a small ...
Envoyproxy Envoy
5
CVSSv2
CVE-2022-29227
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions before 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the reques...
Envoyproxy Envoy
5
CVSSv2
CVE-2021-43825
Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amoun...
Envoyproxy Envoy
5
CVSSv2
CVE-2021-39206
Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, ...
Envoyproxy Envoy
Envoyproxy Envoy 1.19.0
Pomerium Pomerium
Pomerium Pomerium 0.15.0