VYPR

Bitnami package

envoy

pkg:bitnami/envoy

Vulnerabilities (90)

  • CVE-2021-43825Feb 22, 2022
    affected < 1.18.6fixed 1.18.6

    Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amoun

  • CVE-2022-21655Feb 22, 2022
    affected < 1.18.6fixed 1.18.6

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The envoy common router will segfault if an internal redirect selects a route configured with direct response or redirect actions. This will result in a denial of service. As a workaround turn

  • CVE-2022-21654Feb 22, 2022
    affected >= 1.7.0, < 1.18.6fixed 1.18.6

    Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used.

  • CVE-2022-21657Feb 22, 2022
    affected < 1.18.6fixed 1.18.6

    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary ext

  • CVE-2022-21656Feb 22, 2022
    affected < 1.20.2fixed 1.20.2

    Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for ex

  • CVE-2022-23606Feb 22, 2022
    affected >= 1.20.0, < 1.20.2fixed 1.20.2

    Envoy is an open source edge and service proxy, designed for cloud-native applications. When a cluster is deleted via Cluster Discovery Service (CDS) all idle connections established to endpoints in that cluster are disconnected. A recursion was introduced in the procedure of dis

  • CVE-2021-43824Feb 22, 2022
    affected < 1.18.6fixed 1.18.6

    Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured with regex match. This provides a denial of service attack vector. The only workaro

  • CVE-2021-39206Sep 9, 2021
    affected < 1.16.5fixed 1.16.5

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vulnerabilities CVE-2021-32777 and CVE-2021-32779. This may lead to incorrect routing or authorization policy decisions. With specially crafted requests,

  • CVE-2021-39204Sep 9, 2021
    affected < 1.16.5fixed 1.16.5

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2 streams with excessive complexity. This can lead to high CPU utilization when a large number of streams are reset. This can result in a DoS condition

  • CVE-2021-39162Sep 9, 2021
    affected < 1.18.4fixed 1.18.4

    Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAWAY and SETTINGS frame are received in the same IO event. This can lead to a DoS in the presence of untrusted *upstream* servers. 0.15.1 contains an up

  • CVE-2021-32780Aug 24, 2021
    affected >= 1.18.0, < 1.18.4fixed 1.18.4

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is tr

  • CVE-2021-32781Aug 24, 2021
    affected >= 1.16.0, < 1.16.5fixed 1.16.5

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generat

  • CVE-2021-32779Aug 24, 2021
    affected >= 1.16.0, < 1.16.5fixed 1.16.5

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or simi

  • CVE-2021-32778Aug 24, 2021
    affected >= 1.16.0, < 1.16.5fixed 1.16.5

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. D

  • CVE-2021-32777Aug 24, 2021
    affected >= 1.16.0, < 1.16.5fixed 1.16.5

    Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HT

  • CVE-2021-29492May 28, 2021
    affected < 1.15.5fixed 1.15.5

    Envoy is a cloud-native edge/middle/service proxy. Envoy does not decode escaped slash sequences `%2F` and `%5C` in HTTP URL paths in versions 1.18.2 and before. A remote attacker may craft a path with escaped slashes, e.g. `/something%2F..%2Fadmin`, to bypass access control, e.g

  • CVE-2021-29258May 20, 2021
    affected >= 1.14.6, < 1.14.7fixed 1.14.7

    An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.

  • CVE-2021-28683May 20, 2021
    affected >= 1.16.2, < 1.16.3fixed 1.16.3

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.

  • CVE-2021-28682May 20, 2021
    affected >= 1.14.6, < 1.14.7fixed 1.14.7

    An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.

  • CVE-2021-21378Mar 11, 2021
    affected >= 1.17.0, < 1.17.1fixed 1.17.1

    Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing

Page 4 of 5