github.com/projectcontour/contour

Go2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/projectcontour/contourpage 1 of 1

CVE-2021-32783HIGHCVSS 8.5EG 8.5✓ Fixed in 1.17.1
2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside…
CVE-2026-41246HIGHCVSS 8.1EG 8.1✓ Fixed in 1.33.4
2026-04-23
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modi…

Check whether github.com/projectcontour/contour is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/projectcontour/contour CVEs against the assets you own.

Start Free Scan →