Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoy vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-21378
Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_mi...
Envoyproxy Envoy 1.17.0
4
CVSSv2
CVE-2019-25014
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot prior to 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to t...
Istio Istio
Redhat Openshift Service Mesh 1.0
5.8
CVSSv2
CVE-2020-35470
Envoy prior to 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Envoyproxy Envoy
5
CVSSv2
CVE-2020-35471
Envoy prior to 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
Envoyproxy Envoy
7.5
CVSSv2
CVE-2020-25017
Envoy up to and including 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
Envoyproxy Envoy
5
CVSSv2
CVE-2020-25018
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
Envoyproxy Envoy
5
CVSSv2
CVE-2020-15127
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdow...
Projectcontour Contour
5.5
CVSSv2
CVE-2020-15104
In Envoy prior to 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.exam...
Envoyproxy Envoy
5
CVSSv2
CVE-2020-8663
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
Envoyproxy Envoy
5
CVSSv2
CVE-2020-12604
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
Envoyproxy Envoy
Envoyproxy Envoy 1.13.2
Envoyproxy Envoy 1.14.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »