4 matches found
CVE-2025-46821
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...
CVE-2025-46821
Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...
PT-2025-20297 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.34.1 Envoy versions prior to 1.33.3 Envoy versions prior to 1.32.6 Envoy versions prior to 1.31.8 Description: The issue arises from Envoy's URI template matcher incorrectly excluding the character from a set of vali...
CVE-2024-23323 Excessive CPU usage when URI template matcher is configured using regex in Envoy
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and...