Vendor: CNCF
Products: 1
CVEs: 3
Across products: 3
Status: Private
Products: 1
- 3 CVEs

Recent CVEs: 3

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8661 | | Hig | 0.49 | 7.5 | 0.02 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. |
| CVE-2020-8664 | | Med | 0.35 | 5.3 | 0.01 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be… |
| CVE-2020-8660 | | Med | 0.34 | 5.3 | 0.01 | | Mar 4, 2020 | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain,… |