
5 matches found

CNNVD
added 2025/12/03 12:0 a.m., 5 views

Envoy Security Vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A security vulnerability exists in Envoy versions 1.33.12, 1.34.10, 1.35.6, 1.36.2, and prior versions, which stems from the mTLS certificate matcher incorrectly handling certificates embedded with null bytes, whic...

CVSS 7.1, AI score 6.5, EPSS 0.00157
Exploits: 1, References: 2

OSV
added 2025/03/06 7:11 p.m., 8 views

GHSA-MF24-CHXH-HMVJ Envoy Gateway Log Injection Vulnerability

Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to th...

CVSS 5.3, AI score 7.3, EPSS 0.00264
Exploits: 0, References: 9

Vulnrichment
added 2025/03/06 6:46 p.m., 7 views

CVE-2025-25294 Envoy Gateway Log Injection Vulnerability

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

CVSS 5.3, AI score 7.2, EPSS 0.00264
Exploits: 0, References: 2

OSV
added 2025/03/06 6:46 p.m., 6 views

CVE-2025-25294 Envoy Gateway Log Injection Vulnerability

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

CVSS 5.3, AI score 5.5, EPSS 0.00264
Exploits: 0, References: 4

RedhatCVE
added 2025/01/23 4:52 a.m., 10 views

CVE-2025-24030

A flaw was found in Envoy Gateway. This vulnerability allows a user with access to a Kubernetes cluster where Envoy Gateway is installed to use a path traversal attack to execute Envoy Admin interface commands on proxies managed by Envoy Gateway. The admin interface can terminate the Envoy proces...

CVSS 7.1, AI score 7, EPSS 0.00396
Exploits: 0, References: 7