Envoy@1.14.0 Security Vulnerabilities and Issues — Envoy@1.14.0 CVE List

Lucene search

EnvoyproxyEnvoy1.14.0

3 matches found

CVE•added 2020/07/01 3:15 p.m.•95 views

CVE-2020-8663

Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.

7.5CVSS7.4AI score0.00105EPSS

CVE•added 2020/07/14 10:15 p.m.•73 views

CVE-2020-15104

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For example, with a SAN of *.example.com, Envoy would incorrectly allow nested.subdomain.example.com, whe...

5.5CVSS5.2AI score0.00116EPSS

CVE•added 2020/10/01 5:15 p.m.•59 views

CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.

8.3CVSS8.1AI score0.00053EPSS