Vulnerabilities > Envoyproxy > Envoy > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-13 | CVE-2019-18802 | Unspecified vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 9.8 |
| 2019-12-13 | CVE-2019-18801 | Out-of-bounds Write vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 9.8 |
| 2019-10-09 | CVE-2019-15226 | Resource Exhaustion vulnerability in Envoyproxy Envoy Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. | 7.8 |
| 2019-08-19 | CVE-2019-15225 | Allocation of Resources Without Limits or Throttling vulnerability in Envoyproxy Envoy In Envoy through 1.11.1, users may configure a route to match incoming path headers via the libstdc++ regular expression implementation. | 5.0 |
| 2019-04-25 | CVE-2019-9901 | Use of Incorrectly-Resolved Name or Reference vulnerability in Envoyproxy Envoy Envoy 1.9.0 and before does not normalize HTTP URL paths. | 10.0 |
| 2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |