Exposure of Envoy

Reverse proxies
36 exposure score
95,685 sites use
0 exploited
1 critical

CVEs

78 results
CVE-2024-30255 | MEDIUM | HTTP/2: CPU exhaustion due to CONTINUATION frame flood | EPSS 87.8%
CVE-2024-27919 | HIGH | HTTP/2: memory exhaustion due to CONTINUATION frame flood | EPSS 86.7%
CVE-2021-29492 | HIGH | Bypass of path matching rules using escaped slash characters | EPSS 68.4%
CVE-2021-32777 | HIGH | Incorrect concatenation of multiple value request headers in ext-authz extension | EPSS 3.3%
CVE-2024-21879 | HIGH | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225 | EPSS 2.5%
CVE-2024-21880 | HIGH | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x | EPSS 2.3%
CVE-2021-21378 | HIGH | JWT authentication bypass with unknown issuer token | EPSS 1.7%
CVE-2024-21878 | HIGH | Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x | EPSS 1.4%
CVE-2022-29225 | HIGH | Zip bomb vulnerability in Envoy | EPSS 1.4%
CVE-2021-32781 | HIGH | Continued processing of requests after locally generated response | EPSS 1.3%
CVE-2021-32780 | HIGH | Incorrect handling of H/2 GOAWAY followed by SETTINGS frames | EPSS 1.2%
CVE-2021-32778 | MEDIUM | Excessive CPU utilization when closing HTTP/2 streams | EPSS 1.2%
CVE-2022-29226 | CRITICAL | Trivial authentication bypass in Envoy | EPSS 1.2%
CVE-2022-29228 | HIGH | Reachable assertion in Envoy | EPSS 1.2%
CVE-2022-21655 | HIGH | Incorrect handling of internal redirects results in crash in Envoy | EPSS 1.1%
CVE-2022-29227 | HIGH | Use after free in Envoy | EPSS 1.1%
CVE-2023-33869 | MEDIUM | Enphase Envoy OS Command Injection | EPSS 1.1%
CVE-2023-35945 | HIGH | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | EPSS 1.1%
CVE-2022-21654 | HIGH | Incorrect configuration handling allows TLS session re-use without re-validation in Envoy | EPSS 1.1%
CVE-2021-43826 | HIGH | Crash when tunneling TCP over HTTP in Envoy | EPSS 1.0%