Vulnerabilities > Projectcontour

DATE CVE VULNERABILITY TITLE RISK
2023-10-10 CVE-2023-44487 Resource Exhaustion vulnerability in multiple products
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
7.5
2021-07-23 CVE-2021-32783 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Projectcontour Contour
Contour is a Kubernetes ingress controller using Envoy proxy.
network
low complexity
projectcontour CWE-610
5.5
2020-08-05 CVE-2020-15127 Missing Authentication for Critical Function vulnerability in Projectcontour Contour
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane.
network
low complexity
projectcontour CWE-306
5.0