Go modules package
github.com/envoyproxy/gateway
pkg:golang/github.com/envoyproxy/gateway
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22771 | — | >= 1.6.0-rc.0, < 1.6.2 | 1.6.2 | Jan 12, 2026 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be | ||
| CVE-2025-25294 | — | < 1.2.7 | 1.2.7 | Mar 6, 2025 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection atta | ||
| CVE-2025-24030 | — | < 1.2.6 | 1.2.6 | Jan 23, 2025 | Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of En |
- CVE-2026-22771Jan 12, 2026affected >= 1.6.0-rc.0, < 1.6.2fixed 1.6.2
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be
- CVE-2025-25294Mar 6, 2025affected < 1.2.7fixed 1.2.7
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection atta
- CVE-2025-24030Jan 23, 2025affected < 1.2.6fixed 1.2.6
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of En