Vulnerabilities in envoyproxy

74 results
CVE-2023-27491 | MEDIUM | Envoy forwards invalid Http2/Http3 downstream headers | EPSS 0.9%
CVE-2021-43825 | MEDIUM | Use-after-free in Envoy | EPSS 0.9%
CVE-2022-21656 | HIGH | X.509 subjectAltName matching bypass in Envoy | EPSS 0.8%
CVE-2023-27496 | MEDIUM | Envoy may crash when a redirect url without a state param is received in the oauth filter | EPSS 0.8%
CVE-2024-23325 | HIGH | Envoy crashes when using an address type that isn’t supported by the OS | EPSS 0.8%
CVE-2023-35942 | MEDIUM | Envoy's gRPC access log crash caused by the listener draining | EPSS 0.7%
CVE-2023-27488 | MEDIUM | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | EPSS 0.7%
CVE-2023-35941 | HIGH | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | EPSS 0.7%
CVE-2024-23327 | HIGH | Crash in proxy protocol when command type of LOCAL in Envoy | EPSS 0.7%
CVE-2024-32975 | MEDIUM | Envoy crashes in QuicheDataReader::PeekVarInt62Length() | EPSS 0.7%
CVE-2024-32974 | MEDIUM | Envoy affected by a crash in EnvoyQuicServerStream::OnInitialHeadersComplete() | EPSS 0.7%
CVE-2024-53270 | HIGH | HTTP/1: sending overload crashes when the request is reset beforehand in envoy | EPSS 0.7%
CVE-2023-27492 | MEDIUM | Envoy may crash when a large request body is processed in Lua filter | EPSS 0.7%
CVE-2024-32475 | HIGH | Envoy RELEASE_ASSERT using auto_sni with :authority header > 255 bytes | EPSS 0.7%
CVE-2024-23322 | HIGH | Envoy crashes when idle and request per try timeout occur within the backoff interval | EPSS 0.7%
CVE-2024-32976 | HIGH | Envoy can enter an endless loop while decompressing Brotli data with extra input | EPSS 0.7%
CVE-2024-34363 | HIGH | Envoy can crash due to uncaught nlohmann JSON exception | EPSS 0.7%
CVE-2024-53269 | MEDIUM | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy | EPSS 0.7%
CVE-2024-39305 | MEDIUM | Envoy Proxy use after free when route hash policy is configured with cookie attributes | EPSS 0.6%
CVE-2024-45810 | MEDIUM | Envoy crashes for LocalReply in http async client | EPSS 0.6%