Cncf Envoy
By the Year
In 2024 there have been 0 vulnerabilities in Cncf Envoy . Envoy did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 6.77 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Envoy vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cncf Envoy Security Vulnerabilities
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e
CVE-2020-8659
7.5 - High
- March 04, 2020
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
Allocation of Resources Without Limits or Throttling
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
CVE-2020-8661
7.5 - High
- March 04, 2020
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
Resource Exhaustion
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context
CVE-2020-8664
5.3 - Medium
- March 04, 2020
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the static part of the validation context to be not applied, even though it was visible in the active config dump.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cncf Envoy or by Cncf? Click the Watch button to subscribe.
