GCVE - cpe:2.3:a:cncf:envoy:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cncf:envoy:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cncf (`2ee90faf-978f-5e65-8538-ffa11f7df136`)
Product	Envoy (`70b28fef-dfd7-5b3b-b745-094274ce3c28`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/envoyproxy/envoy`	purl2cpe	2026-06-01 10:18:00.126810
`pkg:github/envoyproxy/envoy`	purl2cpe	2026-06-01 10:18:00.126813
`pkg:sourceforge/envoy.mirror`	purl2cpe	2026-06-01 10:18:00.126816

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-8664`	vulnerable	2026-06-08 05:27:17.140789	Details available CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret (e.g. trusted CA) across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even though it was visible in the active config dump. Published: 2020-03-04T20:53:13.000Z Updated: 2024-08-04T10:03:46.365Z Open on db.gcve.eu Reference links https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8 https://access.redhat.com/errata/RHSA-2020:0734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8661`	vulnerable	2026-06-08 05:27:17.137921	Details available CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. Published: 2020-03-04T20:48:16.000Z Updated: 2024-08-04T10:03:46.322Z Open on db.gcve.eu Reference links https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7 https://access.redhat.com/errata/RHSA-2020:0734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-8659`	vulnerable	2026-06-08 05:27:17.134788	Details available CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. Published: 2020-03-04T20:43:55.000Z Updated: 2024-08-04T10:03:46.378Z Open on db.gcve.eu Reference links https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv https://access.redhat.com/errata/RHSA-2020:0734 https://lists.debian.org/debian-lts-announce/2022/05/msg00025.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.