Envoy@1.31.0 Security Vulnerabilities and Issues — Envoy@1.31.0 CVE List

Lucene search

EnvoyproxyEnvoy1.31.0

8 matches found

CVE•added 2024/09/20 12:15 a.m.•99 views

CVE-2024-45810

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply() in http async client, one...

7.5CVSS7AI score0.00046EPSS

CVE•added 2024/09/20 12:15 a.m.•90 views

CVE-2024-45806

Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's default configuration of...

6.5CVSS6.8AI score0.00331EPSS

CVE•added 2024/12/18 8:15 p.m.•77 views

CVE-2024-53270

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions sendOverloadError is going to assume the active request exists when envoy.load_shed_points.http1_server_abort_dispatch is configured. If active_request is nullptr, only onMessageBeginImpl() is called. However, ...

7.5CVSS7.4AI score0.00011EPSS

CVE•added 2024/09/20 12:15 a.m.•72 views

CVE-2024-45809

Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header oper...

7.5CVSS6.1AI score0.00136EPSS

CVE•added 2024/09/20 12:15 a.m.•58 views

CVE-2024-45808

Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is achieved by exploiting the lack of validation for the REQUESTED_SERVER_NAME field for access logger...

6.5CVSS6.7AI score0.00027EPSS

CVE•added 2024/12/18 8:15 p.m.•44 views

CVE-2024-53269

Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to u...

7.5CVSS4.7AI score0.00004EPSS

CVE•added 2024/12/18 8:15 p.m.•42 views

CVE-2024-53271

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrad...

7.1CVSS6.9AI score0.00004EPSS

CVE•added 2024/09/20 12:15 a.m.•38 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy will...

7.5CVSS7.5AI score0.0002EPSS