pkg:Go/github.com/envoyproxy/envoy

11 CVEs in total: CRITICAL 1, HIGH 2, MEDIUM 7, LOW 1

All known vulnerabilities

  • CRITICAL 10.0 CVE-2019-9901: EnvoyProxy Envoy Missing HTTP URL path normalization
    from 0, < 1.9.1
  • HIGH 7.5 CVE-2026-26308: Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation
    >= 1.37.0, < 1.37.1
  • HIGH 7.5 CVE-2025-54588: Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults
    >= 1.35.0, < 1.35.1
  • MEDIUM 6.5 CVE-2025-64527: Envoy crashes when JWT authentication is configured with the remote JWKS fetching
    >= 1.36.0, < 1.36.3
  • MEDIUM 6.5 CVE-2025-30157: Envoy crashes when HTTP ext_proc processes local replies
    from 0, < 1.30.10
  • MEDIUM 5.9 CVE-2026-26311: Envoy HTTP: filter chain execution on reset streams causing UAF crash
  • MEDIUM 5.9 CVE-2026-26310: Crash for scoped ip address in Envoy during DNS
  • MEDIUM 5.3 CVE-2026-26330: Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly
  • MEDIUM 5.3 CVE-2026-26309: Envoy has an off-by-one write in JsonEscaper::escapeString()
  • MEDIUM 5.0 CVE-2025-66220: Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
    >= 1.36.0, < 1.36.3
  • LOW 3.7 CVE-2025-64763: Envoy forwards early CONNECT data in TCP proxy mode
    >= 1.36.0, < 1.36.3