Envoy@* Security Vulnerabilities and Issues — Envoy@* CVE List

Lucene search

EnvoyproxyEnvoy*

3 matches found

CVE•added 2025/03/21 3:15 p.m.•92 views

CVE-2025-30157

Envoy is a cloud-native high-performance edge/middle/service proxy. Prior to 1.33.1, 1.32.4, 1.31.6, and 1.30.10, Envoy's ext_proc HTTP filter is at risk of crashing if a local reply is sent to the external server due to the filter's life time issue. A known situation is the failure of a websocket ...

7.5CVSS6.3AI score0.00004EPSS

CVE•added 2025/05/07 10:15 p.m.•49 views

CVE-2025-46821

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the * character from a set of valid characters in the URI path. As a result URI path containing the * character will not match a URI template ex...

5.3CVSS5.1AI score0.0001EPSS

CVE•added 2025/09/03 8:15 p.m.•5 views

CVE-2025-55162

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. When ...

8.8CVSS6.3AI score0.00006EPSS