Security: envoyproxy/envoy
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Abnormal termination when using auto_sni with :authority header longer than 255 charactersGHSA-3mh5-6q8v-25wj published
Apr 18, 2024 by phlaxHigh -
HTTP/2: CPU exhaustion due to CONTINUATION frame floodGHSA-j654-3ccm-vfmm published
Apr 4, 2024 by phlaxModerate -
HTTP/2: memory exhaustion due to CONTINUATION frame floodGHSA-gghf-vfxp-799r published
Apr 4, 2024 by phlaxHigh -
Excessive CPU usage when URI template matcher is configured using regexGHSA-x278-4w4x-r7ch published
Feb 9, 2024 by phlaxModerate -
Envoy crashes when idle and request per try timeout occur within the backoff intervalGHSA-6p83-mfmh-qv38 published
Feb 9, 2024 by phlaxModerate -
Crash in proxy protocol when command type of LOCALGHSA-4h5x-x9vh-m29j published
Feb 9, 2024 by phlaxHigh -
Envoy crashes when using an address type that isn’t supported by the OSGHSA-5m7c-mrwr-pm26 published
Feb 9, 2024 by phlaxHigh -
Ext_authz can be bypassed when Proxy protocol filter sets invalid UTF-8 metadataGHSA-gq3v-vvhj-96j6 published
Feb 9, 2024 by phlaxHigh -
HTTP/2 "Rapid Reset" DoS VulnerabilityGHSA-jhv4-f7mr-xx76 published
Oct 10, 2023 by yanavlasovHigh -
OAuth2 credentials exploit with permanent validityGHSA-7mhv-gr67-hq55 published
Jul 25, 2023 by phlaxHigh