Envoy@1.34.0 Security Vulnerabilities and Issues — Envoy@1.34.0 CVE List

Lucene search

EnvoyproxyEnvoy1.34.0

3 matches found

CVE•added 2025/05/07 10:15 p.m.•49 views

CVE-2025-46821

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the * character from a set of valid characters in the URI path. As a result URI path containing the * character will not match a URI template ex...

5.3CVSS5.1AI score0.0001EPSS

CVE•added 2025/09/03 12:15 a.m.•8 views

CVE-2025-54588

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic For...

7.5CVSS6.4AI score0.00008EPSS

CVE•added 2025/09/03 8:15 p.m.•5 views

CVE-2025-55162

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. When ...

8.8CVSS6.3AI score0.00006EPSS