Vulnerabilidades em envoyproxy
74 resultadosCVE-2024-30255MEDIUMHTTP/2: CPU exhaustion due to CONTINUATION frame floodEPSS 87.8%CVE-2024-27919HIGHHTTP/2: memory exhaustion due to CONTINUATION frame floodEPSS 86.7%CVE-2021-29492HIGHBypass of path matching rules using escaped slash charactersEPSS 68.4%CVE-2021-32777HIGHIncorrect concatenation of multiple value request headers in ext-authz extensionEPSS 3.3%CVE-2021-21378HIGHJWT authentication bypass with unknown issuer tokenEPSS 1.7%CVE-2022-29225HIGHZip bomb vulnerability in EnvoyEPSS 1.4%CVE-2021-32781HIGHContinued processing of requests after locally generated responseEPSS 1.3%CVE-2021-32780HIGHIncorrect handling of H/2 GOAWAY followed by SETTINGS framesEPSS 1.2%CVE-2021-32778MEDIUMExcessive CPU utilization when closing HTTP/2 streamsEPSS 1.2%CVE-2022-29226CRITICALTrivial authentication bypass in EnvoyEPSS 1.2%CVE-2022-29228HIGHReachable assertion in EnvoyEPSS 1.2%CVE-2022-21655HIGHIncorrect handling of internal redirects results in crash in EnvoyEPSS 1.1%CVE-2022-29227HIGHUse after free in EnvoyEPSS 1.1%CVE-2023-35945HIGHEnvoy vulnerable to HTTP/2 memory leak in nghttp2 codecEPSS 1.1%CVE-2022-21654HIGHIncorrect configuration handling allows TLS session re-use without re-validation in EnvoyEPSS 1.1%CVE-2021-43826HIGHCrash when tunneling TCP over HTTP in EnvoyEPSS 1.0%CVE-2021-43824HIGHNull pointer dereference in envoyEPSS 1.0%CVE-2022-23606MEDIUMCrash when a cluster is deleted in EnvoyEPSS 1.0%CVE-2021-32779HIGHIncorrectly handling of URI '#fragment' element as part of the path elementEPSS 0.9%CVE-2022-29224MEDIUMSegmentation fault leading to crash in EnvoyEPSS 0.9%