Lucene search

Envoyproxy Envoy 1.19.0

8 matches found

added 2021/08/24 9:15 p.m. | 112 views

CVE-2021-32777

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, o...

CVSS 8.6 | AI score 8.5 | EPSS 0.0002

added 2021/08/24 9:15 p.m. | 110 views

CVE-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with ...

CVSS 8.6 | AI score 8.5 | EPSS 0.00035

added 2021/08/24 9:15 p.m. | 96 views

CVE-2021-32781

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due to the internal...

CVSS 8.6 | AI score 7.8 | EPSS 0.00076

added 2021/08/24 9:15 p.m. | 91 views

CVE-2021-32780

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAIN...

CVSS 8.6 | AI score 7.8 | EPSS 0.00077

added 2021/08/24 9:15 p.m. | 83 views

CVE-2021-32778

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy’s procedure for resetting an HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susc...

CVSS 7.5 | AI score 6.3 | EPSS 0.0007

added 2021/09/09 10:15 p.m. | 54 views

CVE-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary w...

CVSS 8.6 | AI score 8.4 | EPSS 0.00668

added 2021/09/09 11:15 p.m. | 53 views

CVE-2021-39206

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authoriza...

CVSS 8.6 | AI score 8.7 | EPSS 0.00162

added 2021/09/09 10:15 p.m. | 45 views

CVE-2021-39204

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions...

CVSS 7.5 | AI score 7.3 | EPSS 0.00407