-
Notifications
You must be signed in to change notification settings - Fork 4.7k
Security: envoyproxy/envoy
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Use after free when route hash policy is configured with cookie attributesGHSA-fp35-g349-h66f published
Jun 28, 2024 by yanavlasovModerate -
datadog: datadog tracer does not handle trace headers with unicode charactersGHSA-8mq4-c2v5-3h39 published
Jun 26, 2024 by alyssawilkHigh -
Crash (use-after-free) in EnvoyQuicServerStreamGHSA-hww5-43gv-35jv published
Jun 4, 2024 by phlaxModerate -
Crash due to uncaught nlohmann JSON exceptionGHSA-g979-ph9j-5gg4 published
Jun 4, 2024 by phlaxHigh -
Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response, and other componentsGHSA-xcj3-h7vf-fw26 published
Jun 4, 2024 by phlaxModerate -
Crash in EnvoyQuicServerStream::OnInitialHeadersComplete()GHSA-mgxp-7hhp-8299 published
Jun 4, 2024 by phlaxModerate -
Crash in QuicheDataReader::PeekVarInt62Length()GHSA-g9mq-6v96-cpqc published
Jun 4, 2024 by phlaxModerate -
Abnormal termination when using auto_sni with :authority header longer than 255 charactersGHSA-3mh5-6q8v-25wj published
Apr 18, 2024 by phlaxHigh -
HTTP/2: CPU exhaustion due to CONTINUATION frame floodGHSA-j654-3ccm-vfmm published
Apr 4, 2024 by phlaxModerate -
HTTP/2: memory exhaustion due to CONTINUATION frame floodGHSA-gghf-vfxp-799r published
Apr 4, 2024 by phlaxHigh