Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
envoy vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18838
An issue exists in Envoy 1.12.0. Upon receipt of a malformed HTTP request without a Host header, it sends an internally generated "Invalid request" response. This internally generated response is dispatched through the configured encoder filter chain before being sent t...
Envoyproxy Envoy
5
CVSSv2
CVE-2022-29227
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions before 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the reques...
Envoyproxy Envoy
5.5
CVSSv2
CVE-2020-15104
In Envoy prior to 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.exam...
Envoyproxy Envoy
NA
CVE-2024-23325
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives...
Envoyproxy Envoy
NA
CVE-2024-23327
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does ...
Envoyproxy Envoy
4.3
CVSSv2
CVE-2021-43824
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaro...
Envoyproxy Envoy
4.3
CVSSv2
CVE-2021-43826
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the ...
Envoyproxy Envoy
5
CVSSv2
CVE-2022-29228
Envoy is a cloud-native high-performance proxy. In versions before 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecodin...
Envoyproxy Envoy
5
CVSSv2
CVE-2020-25018
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
Envoyproxy Envoy
7.5
CVSSv2
CVE-2019-18802
An issue exists in Envoy 1.12.0. An untrusted remote client may send an HTTP header (such as Host) with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "ex...
Envoyproxy Envoy
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »