Filter
Envoy ProxyPotential manipulate `x-envoy` headers from external sources in envoy
6.5
First published (updated )
Envoy Proxyoghttp2 crash on OnBeginHeadersForStream in envoy
7.5
First published (updated )
Envoy ProxyMalicious log injection via access logs in envoy
6.5
First published (updated )
Envoy ProxyJwt filter crash in the clear route cache with remote JWKs in envoy
7.5
First published (updated )
Envoy ProxyEnvoy crashes for LocalReply in http async client
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyEnvoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete()
7.5
First published (updated )
Envoy ProxyEnvoy crashes in QuicheDataReader::PeekVarInt62Length()
7.5
First published (updated )
Envoy ProxyEnvoy affected by a crash (use-after-free) in EnvoyQuicServerStream
5.9
First published (updated )
Envoy ProxyEnvoy can crash due to uncaught nlohmann JSON exception
7.5
First published (updated )
Envoy ProxyEnvoy OOM vector from HTTP async client with unbounded response buffer for mirror response
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyEnvoy can enter an endless loop while decompressing Brotli data with extra input
7.5
First published (updated )
Envoy ProxyEnvoy crashes when idle and request per try timeout occur within the backoff interval
7.5
EPSS
0.05%
First published (updated )
Envoy ProxyExcessive CPU usage when URI template matcher is configured using regex in Envoy
5.3
EPSS
0.05%
First published (updated )
Envoy ProxyEnvoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
8.6
EPSS
0.05%
First published (updated )
Envoy ProxyEnvoy crashes when using an address type that isn’t supported by the OS
7.5
EPSS
0.05%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyCrash in proxy protocol when command type of LOCAL in Envoy
7.5
EPSS
0.05%
First published (updated )
Envoy ProxyEnvoy incorrectly accepts HTTP 200 response for entering upgrade mode
8.2
First published (updated )
Apache Tomcat- Rapid Reset HTTP/2 vulnerability
First published (updated )
Envoy ProxyEnvoy vulnerable to CORS filter segfault when origin header is removed
7.5
First published (updated )
redhat/envoyEnvoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/envoyEnvoy vulnerable to HTTP/2 memory leak in nghttp2 codec
7.5
First published (updated )
redhat/envoyEnvoy's gRPC access log crash caused by the listener draining
6.5
First published (updated )
redhat/envoyEnvoy vulnerable to OAuth2 credentials exploit with permanent validity
9.8
First published (updated )
Envoy ProxyEnvoy doesn't escape HTTP header values
9.1
First published (updated )
Envoy ProxyEnvoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Envoy ProxyEnvoy may crash when a redirect url without a state param is received in the oauth filter
7.5
First published (updated )
Envoy ProxyEnvoy may crash when a large request body is processed in Lua filter
6.5
First published (updated )
Envoy ProxyEnvoy forwards invalid Http2/Http3 downstream headers
9.1
First published (updated )
Envoy ProxyEnvoy client may fake the header `x-envoy-original-path`
9.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.