VYPR

Go modules package

github.com/projectcontour/contour

pkg:golang/github.com/projectcontour/contour

Vulnerabilities (2)

  • CVE-2026-41246HigApr 23, 2026
    affected >= 1.19.0, < 1.31.6fixed 1.31.6

    Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malici

  • CVE-2021-32783Jul 23, 2021
    affected < 1.14.2fixed 1.14.2

    Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to