Cncf Envoy vulnerabilities
3 known vulnerabilities affecting cncf/envoy.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-8661HIGHCVSS 7.5≤ 1.13.02020-03-04
CVE-2020-8661 [HIGH] CWE-400 CVE-2020-8661: CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipe
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
nvd
CVE-2020-8659HIGHCVSS 7.5≤ 1.13.02020-03-04
CVE-2020-8659 [HIGH] CWE-770 CVE-2020-8659: CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.
nvd
CVE-2020-8664MEDIUMCVSS 5.3≤ 1.13.02020-03-04
CVE-2020-8664 [MEDIUM] CWE-287 CVE-2020-8664: CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Conte
CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump.
nvd