VYPR

Bitnami package

contour

pkg:bitnami/contour

Vulnerabilities (5)

  • CVE-2026-41246HigApr 23, 2026
    affected >= 1.19.0, < 1.31.6fixed 1.31.6

    Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malici

  • CVE-2024-36539Jul 24, 2024
    affected >= 1.28.3, < 1.28.4fixed 1.28.4

    Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

  • CVE-2023-44487HigKEVOct 10, 2023
    affected < 1.24.6fixed 1.24.6

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2021-32783Jul 23, 2021
    affected < 1.17.1fixed 1.17.1

    Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to

  • CVE-2020-15127Aug 5, 2020
    affected < 1.7.0fixed 1.7.0

    In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown pro