Filters
Versions
1.29.0
16
1.19.0
14
1.28.0
12
1.24.0
11
1.25.0
11
1.30.0
11
1.23.0
10
1.26.0
10
1.18.0
9
1.17.0
8
1.20.0
7
1.21.0
6
1.27.0
6
1.16.0
5
1.31.0
5
1.12.4
4
1.13.0
4
1.13.2
4
1.14.2
4
1.12.1
3
1.14.0
3
1.16.2
3
1.17.1
3
1.9.0
3
1.11.1
2
1.14.6
2
1.15.3
2
1.7.0
2
1.0.0
1
1.1.0
1
1.10.0
1
1.11.0
1
1.11.2
1
1.12.0
1
1.14.1
1
1.15.0
1
1.16.4
1
1.2.0
1
1.24.10
1
1.25.9
1
1.26.4
1
1.3.0
1
1.4.0
1
1.5.0
1
1.6.0
1
1.7.1
1
1.8.0
1
1.9.1
1
2d69e30
1
Envoyproxy EnvoyPotential manipulate `x-envoy` headers from external sources in envoy
6.5
First published (updated )
Envoyproxy Envoyoghttp2 crash on OnBeginHeadersForStream in envoy
7.5
First published (updated )
Envoyproxy EnvoyMalicious log injection via access logs in envoy
6.5
First published (updated )
Envoyproxy EnvoyJwt filter crash in the clear route cache with remote JWKs in envoy
7.5
First published (updated )
Envoyproxy EnvoyEnvoy crashes for LocalReply in http async client
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyEnvoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
7.5
First published (updated )
Envoyproxy EnvoyEnvoy crashes in QuicheDataReader::PeekVarInt62Length()
7.5
First published (updated )
Envoyproxy EnvoyEnvoy affected by a crash (use-after-free) in EnvoyQuicServerStream
5.9
First published (updated )
Envoyproxy EnvoyEnvoy can crash due to uncaught nlohmann JSON exception
7.5
First published (updated )
Envoyproxy EnvoyEnvoy OOM vector from HTTP async client with unbounded response buffer for mirror response
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyEnvoy can enter an endless loop while decompressing Brotli data with extra input
7.5
First published (updated )
Envoyproxy EnvoyEnvoy crashes when idle and request per try timeout occur within the backoff interval
7.5
EPSS
0.05%
First published (updated )
Envoyproxy EnvoyExcessive CPU usage when URI template matcher is configured using regex in Envoy
5.3
EPSS
0.05%
First published (updated )
Envoyproxy EnvoyEnvoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
8.6
EPSS
0.05%
First published (updated )
Envoyproxy EnvoyEnvoy crashes when using an address type that isn’t supported by the OS
7.5
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyCrash in proxy protocol when command type of LOCAL in Envoy
7.5
EPSS
0.05%
First published (updated )
Envoyproxy EnvoyEnvoy incorrectly accepts HTTP 200 response for entering upgrade mode
8.2
First published (updated )
Apache Tomcat- Rapid Reset HTTP/2 vulnerability
First published (updated )
Envoyproxy EnvoyEnvoy vulnerable to CORS filter segfault when origin header is removed
7.5
First published (updated )
Envoyproxy EnvoyEnvoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/envoyEnvoy vulnerable to HTTP/2 memory leak in nghttp2 codec
7.5
First published (updated )
Envoyproxy EnvoyEnvoy's gRPC access log crash caused by the listener draining
6.5
First published (updated )
Envoyproxy EnvoyEnvoy vulnerable to OAuth2 credentials exploit with permanent validity
9.8
First published (updated )
Envoyproxy EnvoyEnvoy doesn't escape HTTP header values
9.1
First published (updated )
Envoyproxy EnvoyEnvoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyEnvoy may crash when a redirect url without a state param is received in the oauth filter
7.5
First published (updated )
Envoyproxy EnvoyEnvoy may crash when a large request body is processed in Lua filter
6.5
First published (updated )
Envoyproxy EnvoyEnvoy forwards invalid Http2/Http3 downstream headers
9.1
First published (updated )
Envoyproxy EnvoyEnvoy client may fake the header `x-envoy-original-path`
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/servicemesh-proxyTrivial authentication bypass in Envoy
10
First published (updated )
redhat/servicemesh-proxySegmentation fault leading to crash in Envoy
5.9
First published (updated )
Envoyproxy EnvoyX.509 Extended Key Usage and Trust Purposes bypass in Envoy
6.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyX.509 subjectAltName matching bypass in Envoy
7.4
First published (updated )
Envoyproxy EnvoyCrash when a cluster is deleted in Envoy
6.5
First published (updated )
redhat/envoyIncorrect handling of internal redirects results in crash in Envoy
7.5
First published (updated )
redhat/envoyIncorrect configuration handling allows TLS session re-use without re-validation in Envoy
9.8
First published (updated )
Envoyproxy EnvoyCrash when tunneling TCP over HTTP in Envoy
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyIncorrect Authorization with specially crafted requests
8.6
First published (updated )
Envoyproxy EnvoyIncorrect handling of H2 GOAWAY + SETTINGS frames
8.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoyproxy EnvoyIncorrect handling of H/2 GOAWAY followed by SETTINGS frames
8.6
First published (updated )
Envoyproxy EnvoyContinued processing of requests after locally generated response
8.6
First published (updated )
Envoyproxy EnvoyIncorrectly handling of URI '#fragment' element as part of the path element
8.6
First published (updated )
Envoyproxy EnvoyExcessive CPU utilization when closing HTTP/2 streams
7.5
First published (updated )
Envoyproxy EnvoyIncorrect concatenation of multiple value request headers in ext-authz extension
8.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.