Vulnerabilities > Envoyproxy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-25 | CVE-2019-9901 | Use of Incorrectly-Resolved Name or Reference vulnerability in Envoyproxy Envoy Envoy 1.9.0 and before does not normalize HTTP URL paths. | 10.0 |
2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |