Vulnerabilities > Envoyproxy

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2019-9901 Use of Incorrectly-Resolved Name or Reference vulnerability in Envoyproxy Envoy
Envoy 1.9.0 and before does not normalize HTTP URL paths.
network
low complexity
envoyproxy CWE-706
critical
10.0
2019-04-25 CVE-2019-9900 Injection vulnerability in multiple products
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0).
network
low complexity
envoyproxy redhat CWE-74
8.3