Envoyproxy

Envoy

110 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.49%
  • Veröffentlicht 26.06.2026 17:31:37
  • Zuletzt bearbeitet 29.06.2026 18:40:43

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation (ZstdDecompressorImpl). Whe...

Exploit
  • EPSS 0.56%
  • Veröffentlicht 26.06.2026 17:29:14
  • Zuletzt bearbeitet 29.06.2026 18:42:17

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, destructor of JSON Object results in stack overflow when deeply O(100K) nested objects are present. This vulnerabilit...

Exploit
  • EPSS 0.21%
  • Veröffentlicht 26.06.2026 17:27:57
  • Zuletzt bearbeitet 29.06.2026 18:49:25

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is ...

Exploit
  • EPSS 0.22%
  • Veröffentlicht 26.06.2026 17:23:51
  • Zuletzt bearbeitet 29.06.2026 18:10:33

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt()/decrypt() functions use AES-256-CBC without an authentication tag (no HMAC, no AEA...

Exploit
  • EPSS 0.82%
  • Veröffentlicht 17.06.2026 16:58:36
  • Zuletzt bearbeitet 06.07.2026 13:40:12

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to t...

  • EPSS 0.32%
  • Veröffentlicht 10.03.2026 19:19:52
  • Zuletzt bearbeitet 11.03.2026 15:57:32

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with apply_on_stream_done in the rate limit configuration is enabled and the response phase lim...

Exploit
  • EPSS 0.34%
  • Veröffentlicht 10.03.2026 19:14:41
  • Zuletzt bearbeitet 11.03.2026 16:03:58

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, a logic vulnerability in Envoy's HTTP connection manager (FilterManager) that allows for Zombie Stream Filter Execution. This issue creates a "Use-Af...

Exploit
  • EPSS 0.39%
  • Veröffentlicht 10.03.2026 19:08:22
  • Zuletzt bearbeitet 11.03.2026 16:09:31

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, calling Utility::getAddressWithPort with a scoped IPv6 addresses causes a crash. This utility is called in the data plane from the original_src filte...

Exploit
  • EPSS 0.37%
  • Veröffentlicht 10.03.2026 19:04:21
  • Zuletzt bearbeitet 11.03.2026 16:14:20

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, an off-by-one write in Envoy::JsonEscaper::escapeString() can corrupt std::string null-termination, causing undefined behavior and potentially leadin...

Exploit
  • EPSS 0.29%
  • Veröffentlicht 10.03.2026 19:01:28
  • Zuletzt bearbeitet 11.03.2026 16:23:23

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC (Role-Based Access Control) filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present fo...