Vulnerabilities > Envoyproxy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-28 | CVE-2021-29492 | Path Traversal vulnerability in Envoyproxy Envoy Envoy is a cloud-native edge/middle/service proxy. | 7.5 |
| 2021-03-11 | CVE-2021-21378 | Improper Authentication vulnerability in Envoyproxy Envoy 1.17.0 Envoy is a cloud-native high-performance edge/middle/service proxy. | 8.2 |
| 2020-10-01 | CVE-2020-25018 | Unspecified vulnerability in Envoyproxy Envoy 2D69E30 Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | 7.5 |
| 2020-10-01 | CVE-2020-25017 | Unspecified vulnerability in Envoyproxy Envoy Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. | 8.3 |
| 2019-12-13 | CVE-2019-18838 | NULL Pointer Dereference vulnerability in Envoyproxy Envoy An issue was discovered in Envoy 1.12.0. | 7.5 |
| 2019-11-11 | CVE-2019-18836 | Infinite Loop vulnerability in multiple products Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | 7.5 |
| 2019-10-09 | CVE-2019-15226 | Resource Exhaustion vulnerability in Envoyproxy Envoy Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. | 7.8 |
| 2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |