VYPR
High severity7.5NVD Advisory· Published Sep 9, 2021· Updated Jun 17, 2026

CVE-2021-39204

CVE-2021-39204

Description

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition. Pomerium versions 0.14.8 and 0.15.1 contain an upgraded envoy binary with this vulnerability patched.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/pomerium/pomeriumGo
< 0.14.80.14.8
github.com/pomerium/pomeriumGo
>= 0.15.0, < 0.15.10.15.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.