CVE-2024-53271

HIGH7.1EPSS 0.03%

HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy

Published: 12/20/2024Modified: 10/15/2025

Also known as:GHSA-rmm5-h2wv-mg4fBIT-envoy-2024-53271

Description

Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue.

Affected packages (1)

Bitnami/envoy>= 1.31.0, < 1.31.5, >= 1.32.0, < 1.32.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

References (3)

WEBhttps://github.com/envoyproxy/envoy/commit/da56f6da63079baecef9183436ee5f4141a59af8
WEBhttps://github.com/envoyproxy/envoy/security/advisories/GHSA-rmm5-h2wv-mg4f
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-53271