Envoy Security Vulnerabilities and Issues — Envoy CVE List

Lucene search

EnvoyproxyEnvoy

3 matches found

CVE•added 2021/09/09 10:15 p.m.•54 views

CVE-2021-39162

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted upstream servers. 0.15.1 contains an upgraded envoy binary w...

8.6CVSS8.4AI score0.00668EPSS

CVE•added 2021/09/09 11:15 p.m.•53 views

CVE-2021-39206

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests, incorrect authoriza...

8.6CVSS8.7AI score0.00162EPSS

CVE•added 2021/09/09 10:15 p.m.•45 views

CVE-2021-39204

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions...

7.5CVSS7.3AI score0.00407EPSS