| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2024-23327 | Crash in proxy protocol when command type of LOCAL in Envoy | envoyproxy | envoy | High | 7.5 | 2024-02-09 22:41:55 |
| CVE-2023-35944 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes | envoyproxy | envoy | High | 8.2 | 2023-07-25 18:35:59 |
| CVE-2023-35943 | Envoy vulnerable to CORS filter segfault when origin header is removed | envoyproxy | envoy | Medium | 6.3 | 2023-07-25 18:26:24 |
| CVE-2023-35942 | Envoy's gRPC access log crash caused by the listener draining | envoyproxy | envoy | Medium | 6.5 | 2023-07-25 18:24:12 |
| CVE-2023-35941 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity | envoyproxy | envoy | High | 8.6 | 2023-07-25 17:40:56 |
| CVE-2023-35945 | Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | envoyproxy | envoy | High | 7.5 | 2023-07-13 20:41:16 |
| CVE-2023-27496 | Envoy may crash when a redirect url without a state param is received in the oauth filter | envoyproxy | envoy | Medium | 6.5 | 2023-04-04 19:48:57 |
| CVE-2023-27493 | Envoy doesn't escape HTTP header values | envoyproxy | envoy | High | 8.1 | 2023-04-04 19:46:57 |
| CVE-2023-27492 | Envoy may crash when a large request body is processed in Lua filter | envoyproxy | envoy | Medium | 4.8 | 2023-04-04 18:34:44 |
| CVE-2023-27491 | Envoy forwards invalid Http2/Http3 downstream headers | envoyproxy | envoy | Medium | 5.4 | 2023-04-04 18:18:23 |
| CVE-2023-27488 | Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received. | envoyproxy | envoy | Medium | 5.4 | 2023-04-04 17:57:17 |
| CVE-2023-27487 | Envoy client may fake the header `x-envoy-original-path` | envoyproxy | envoy | High | 8.2 | 2023-04-04 15:42:34 |
| CVE-2022-29227 | Use after free in Envoy | envoyproxy | envoy | High | 7.5 | 2022-06-09 19:30:15 |
| CVE-2022-29226 | Trivial authentication bypass in Envoy | envoyproxy | envoy | Critical | 10.0 | 2022-06-09 19:25:11 |
| CVE-2022-29228 | Reachable assertion in Envoy | envoyproxy | envoy | High | 7.5 | 2022-06-09 19:20:13 |
| CVE-2022-29225 | Zip bomb vulnerability in Envoy | envoyproxy | envoy | High | 7.5 | 2022-06-09 19:15:14 |
| CVE-2022-29224 | Segmentation fault leading to crash in Envoy | envoyproxy | envoy | Medium | 5.9 | 2022-06-09 19:10:10 |
| CVE-2021-43826 | Crash when tunneling TCP over HTTP in Envoy | envoyproxy | envoy | High | 7.5 | 2022-02-22 22:45:22 |
| CVE-2021-43825 | Use-after-free in Envoy | envoyproxy | envoy | Medium | 6.1 | 2022-02-22 22:45:12 |
| CVE-2022-21655 | Incorrect handling of internal redirects results in crash in Envoy | envoyproxy | envoy | High | 7.5 | 2022-02-22 22:40:11 |