Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoyproxy envoy vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-32778
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are re...
Envoyproxy Envoy 1.19.0
Envoyproxy Envoy
7.5
CVSSv3
CVE-2021-32780
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is tr...
Envoyproxy Envoy 1.19.0
Envoyproxy Envoy
8.3
CVSSv3
CVE-2021-32779
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorizati...
Envoyproxy Envoy 1.19.0
Envoyproxy Envoy
7.5
CVSSv3
CVE-2021-32781
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generat...
Envoyproxy Envoy 1.19.0
Envoyproxy Envoy
8.3
CVSSv3
CVE-2021-32777
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HT...
Envoyproxy Envoy 1.19.0
Envoyproxy Envoy
8.3
CVSSv3
CVE-2021-29492
Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g...
Envoyproxy Envoy
1 Github repository
7.5
CVSSv3
CVE-2021-29258
An issue exists in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
Envoyproxy Envoy 1.17.1
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.14.6
7.5
CVSSv3
CVE-2021-28682
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
Envoyproxy Envoy 1.17.1
Envoyproxy Envoy 1.16.2
Envoyproxy Envoy 1.15.3
Envoyproxy Envoy 1.14.6
7.5
CVSSv3
CVE-2021-28683
An issue exists in Envoy up to and including 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
Envoyproxy Envoy 1.17.1
Envoyproxy Envoy 1.16.2
8.2
CVSSv3
CVE-2021-21378
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_mi...
Envoyproxy Envoy 1.17.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »