CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27. A patched version of the package is available...

CVE-2021-36371

Emissary-Ingress formerly Ambassador API Gateway through 1.13.9 allows attackers to bypass client certificate requirements i.e., mTLS certrequired on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate...

AZL-34545 CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

Emissary-Ingress Trust Management Issues Vulnerability

Emissary-Ingress is an open source, Kubernetes-native API gateway for microservices built with Envoy agents. Emissary-Ingress suffers from a trust management issue vulnerability that can be exploited by an attacker to bypass client certificate requirements on the back-end upstream...