Envoyproxy

Envoy

110 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.58%
  • Veröffentlicht 26.06.2026 18:03:05
  • Zuletzt bearbeitet 08.07.2026 20:16:50

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream...

Exploit
  • EPSS 0.67%
  • Veröffentlicht 26.06.2026 18:02:17
  • Zuletzt bearbeitet 30.06.2026 03:20:24

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTED_SERVER_NAME(X:Y)% is used in log format and host related options is specified, like HOST_FIRST, SNI_FIRST,...

Exploit
  • EPSS 0.39%
  • Veröffentlicht 26.06.2026 18:01:07
  • Zuletzt bearbeitet 29.06.2026 18:21:30

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter w...

  • EPSS 0.22%
  • Veröffentlicht 26.06.2026 17:59:38
  • Zuletzt bearbeitet 27.06.2026 20:09:48

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, PROXY Protocol v2 header generator emits TLVs beyond the maximum length of 65535 bytes, causing a mismatch b...

Exploit
  • EPSS 0.44%
  • Veröffentlicht 26.06.2026 17:52:27
  • Zuletzt bearbeitet 27.06.2026 20:20:41

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, Envoy crashes if an ext_proc server sends a single gRPC message containing multiple, specially crafted Proce...

  • EPSS 0.61%
  • Veröffentlicht 26.06.2026 17:38:23
  • Zuletzt bearbeitet 29.06.2026 18:34:15

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, a vulnerability exists in Envoy's TCP StatsD sink (TcpStatsdSink), where the thread-local flusher buffer can...

Exploit
  • EPSS 0.45%
  • Veröffentlicht 26.06.2026 17:37:17
  • Zuletzt bearbeitet 29.06.2026 14:16:53

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the envoy.filters.http.grpc_stats filter crashes (null pointer dereference / segfault) when a Connect protoc...

Exploit
  • EPSS 0.45%
  • Veröffentlicht 26.06.2026 17:35:29
  • Zuletzt bearbeitet 27.06.2026 20:17:07

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 (See Other) inter...

Exploit
  • EPSS 0.3%
  • Veröffentlicht 26.06.2026 17:34:22
  • Zuletzt bearbeitet 29.06.2026 18:27:36

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer (HEADERS with FIN / headers-o...

  • EPSS 0.41%
  • Veröffentlicht 26.06.2026 17:32:58
  • Zuletzt bearbeitet 29.06.2026 18:36:40

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or ...