Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoyproxy envoy vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-29227
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions before 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the reques...
Envoyproxy Envoy
445
VMScore
CVE-2022-29228
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecodin...
Envoyproxy Envoy
NA
CVE-2024-23322
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configur...
Envoyproxy Envoy
668
VMScore
CVE-2019-18802
An issue exists in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "ex...
Envoyproxy Envoy
NA
CVE-2023-27491
Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow ...
Envoyproxy Envoy
NA
CVE-2023-27492
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled ...
Envoyproxy Envoy
NA
CVE-2023-27493
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal ...
Envoyproxy Envoy
516
VMScore
CVE-2020-35470
Envoy prior to 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Envoyproxy Envoy
445
VMScore
CVE-2020-25018
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
Envoyproxy Envoy
445
VMScore
CVE-2020-8663
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
Envoyproxy Envoy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »