{"id":"CVE-2021-36371","details":"Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.)","modified":"2025-11-14T12:06:02.593230Z","published":"2021-07-09T21:15:08.583Z","references":[{"type":"EVIDENCE","url":"https://github.com/emissary-ingress/emissary/issues/3340"},{"type":"ADVISORY","url":"https://github.com/emissary-ingress/emissary/releases/tag/v2.0.0-ea"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/emissary-ingress/emissary","events":[{"introduced":"0"},{"fixed":"00c1c766b5725bd64b3c638b84ec3af023b71a61"}]}],"versions":["0.0.0-travistest","0.0.1-travistest","0.33.0","0.33.0-rc0","0.33.0-rc1","0.33.0-rc10","0.33.0-rc2","0.33.0-rc3","0.33.0-rc4","0.33.0-rc5","0.33.0-rc6","0.33.0-rc7","0.33.0-rc8","0.33.0-rc9","0.33.1","0.33.1-rc0","0.34.0","0.34.0-rc0","0.34.0-rc1","0.34.0-rc2","0.34.0-rc6","0.34.0-rc7","0.34.1","0.34.1-rc0","0.34.1-rc1","0.34.1-rc2","0.34.1-rc3","0.34.1-rc4","0.34.2","0.34.2-rc0","0.34.2-rc1","0.34.2-rc2","0.34.2-rc3","0.34.2-rc4","0.34.2-rc5","0.34.3","0.34.3-rc1","0.34.4-rc0","0.34.4-rc3","0.34.4-rc4","0.34.4-rc5","0.35.0","0.35.0-rc0","0.35.0-rc2","0.35.0-rc3","0.35.0-rc4","0.35.0-rc5","0.35.1","0.35.1-rc0","0.35.1-rc2","0.35.1-rc3","0.35.1-rc4","0.35.2","0.35.2-rc0","0.35.2-rc1","0.35.2-rc3","0.35.3","0.35.3-rc0","0.35.3-rc1","0.35.3-rc2","0.36.0","0.36.0-rc0","0.36.0-rc1","0.36.0-rc2","0.37.0","0.37.0-rc2","0.37.0-rc3","0.37.0-rc4","0.37.1-rc0","0.37.1-rc3","0.37.1-rc5","0.38.0","0.38.0-rc0","0.39.0","0.39.0-rc0","0.39.0-rc1","0.39.0-rc2","0.39.0-rc3","0.39.0-rc4","0.40.0","0.40.0-rc1","0.40.1","0.40.1-rc1","0.40.1-rc2","0.40.2","0.40.2-rc0","0.50.0","0.50.0-ea1","0.50.0-ea2","0.50.0-ea3","0.50.0-ea4","0.50.0-ea5","0.50.0-ea6","0.50.0-ea7","0.50.0-ea7-1","0.50.0-ea7-2","0.50.0-rc0","0.50.0-rc1","0.50.0-rc2","0.50.0-rc3","0.50.0-rc4","0.50.0-rc5","0.50.0-rc6","0.50.0-rc7","0.50.0-rc8","0.50.0-tt1","0.50.0-tt2","0.50.0-tt3","0.50.0-tt4","0.50.0-tt5","0.50.1","0.50.1-rc1","0.50.1-rc2","0.50.2","0.50.2-rc0","0.50.3","0.50.3-rc0","0.51.0","0.51.0-rc0","0.51.0-rc1","0.51.1","0.51.1-rc0","0.51.2","0.51.2-rc0","0.52.0","0.52.0-rc1","0.52.0-rc2","0.52.0-rc3","0.52.1","0.52.1-rc1","0.52.1-rc2","0.53.0","0.53.0-rc1","0.53.1","0.53.1-rc1","0.60.0","0.60.0-rc0","0.60.0-rc1","0.60.0-rc2","0.60.0-rc3","0.60.02","0.60.1","0.60.1-rc0","0.60.2","0.60.2-rc0","0.60.2-rc1","0.60.3","0.60.3-rc0","0.61.0","0.61.0-rc1","0.61.0-rc2","0.61.0-rc3","0.61.1","0.61.1-rc0","0.70.0","0.70.0-rc0","0.70.1","0.70.1-rc0","0.71.0","0.71.0-rc0","0.72.0","0.72.0-rc0","0.73.0","0.73.0-rc0","0.73.0-rc1","0.74.0","0.74.0-rc0","0.74.0-rc1","0.74.0-rc2","0.74.1","0.74.1-rc0","0.74.1-rc1","0.75.0","0.75.0-rc1","0.76.0","0.76.0-rc0","0.76.1-rc0","0.76.1-rc1","0.76.1-rc2","1.11.1","aes-1.0.0-ea1","chart-v6.6.1","chart-v6.6.2","chart-v6.6.4","chart-v6.7.0","chart-v6.7.1","chart-v6.7.10","chart-v6.7.2","chart-v6.7.3","chart-v6.7.4","chart-v6.7.5","chart-v6.7.6","chart-v6.7.7","chart-v6.7.8","chart-v6.7.9","chart/v6.6.1","chart/v6.6.2","chart/v6.6.4","chart/v6.7.0","chart/v6.7.1","chart/v6.7.10","chart/v6.7.2","chart/v6.7.3","chart/v6.7.4","chart/v6.7.5","chart/v6.7.6","chart/v6.7.7","chart/v6.7.8","chart/v6.7.9","core-0.7.0","core-0.8.0","develop-pre-master2","last-release-0.50.0","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.10.0","v0.10.1","v0.10.10","v0.10.11","v0.10.12","v0.10.13","v0.10.14","v0.10.2","v0.10.3","v0.10.4","v0.10.5","v0.10.6","v0.10.7","v0.10.8","v0.10.9","v0.11.0","v0.11.1","v0.11.2","v0.12.0","v0.12.1","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.14.0","v0.14.1","v0.14.2","v0.15.0","v0.15.1","v0.15.2","v0.15.3","v0.16.0","v0.16.1","v0.16.2","v0.16.3","v0.17.0","v0.18.0","v0.18.1","v0.18.2","v0.19.0","v0.19.1","v0.19.2","v0.19.3","v0.2.0","v0.20.0","v0.20.1","v0.21.0","v0.21.1","v0.21.2","v0.22.0","v0.22.1","v0.22.2","v0.23.0","v0.23.1","v0.24.0","v0.25.0","v0.26.0","v0.26.1","v0.27.0","v0.28.0","v0.28.1","v0.28.2","v0.29.0","v0.29.1","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.30.0","v0.30.1","v0.30.2","v0.31.0","v0.32.0","v0.32.1","v0.32.2","v0.33.0","v0.33.1","v0.34.0","v0.34.1","v0.34.2","v0.34.3","v0.35.0","v0.35.1","v0.35.2","v0.35.3","v0.36.0","v0.37.0","v0.38.0","v0.39.0","v0.4.0","v0.40.0","v0.40.1","v0.40.2","v0.5.0","v0.5.2","v0.50.0","v0.50.1","v0.50.2","v0.50.3","v0.51.0","v0.51.1","v0.51.2","v0.52.0","v0.52.1","v0.53.0","v0.53.1","v0.6.0","v0.60.0","v0.60.1","v0.60.2","v0.60.3","v0.61.0","v0.61.1","v0.61.1-rc0","v0.7.0","v0.70.0","v0.71.0","v0.72.0","v0.73.0","v0.74.0","v0.74.1","v0.75.0","v0.76.0","v0.76.1-rc1","v0.76.1-rc2","v0.77.0","v0.77.0-rc0","v0.78.0","v0.78.0-rc1","v0.78.0-rc2","v0.79.0-rc0","v0.8.0","v0.8.1","v0.8.10","v0.8.11","v0.8.12","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.8.9","v0.80.0","v0.80.0-rc0","v0.80.0-rc1","v0.81.0","v0.81.0-rc0","v0.82.0","v0.82.0-rc1","v0.83.0","v0.83.0-rc1","v0.83.0-rc2","v0.83.1-ea0","v0.83.1-ea1","v0.83.1-ea10","v0.83.1-ea3","v0.83.1-ea4","v0.83.1-ea5","v0.83.1-ea6","v0.83.1-ea7","v0.83.1-ea8","v0.84.0","v0.84.0-rc0","v0.84.0-rc1","v0.84.0-rc2","v0.84.1","v0.84.1-rc1","v0.85.0","v0.85.0-rc0","v0.86.0","v0.86.0-ea1","v0.86.0-ea2","v0.86.0-ea3","v0.86.0-ea4","v0.86.0-ea5","v0.86.0-rc1","v0.86.0-rc2","v0.86.0-rc3","v0.86.0-rc4","v0.86.0-rc5","v0.86.0-rc6","v0.9.0","v0.9.1","v1.0.0","v1.0.0-ea1","v1.0.0-ea10","v1.0.0-ea11","v1.0.0-ea12","v1.0.0-ea13","v1.0.0-ea14","v1.0.0-ea15","v1.0.0-ea2","v1.0.0-ea3","v1.0.0-ea4","v1.0.0-ea5","v1.0.0-ea6","v1.0.0-ea7","v1.0.0-ea8","v1.0.0-ea9","v1.0.0-rc0","v1.0.0-rc1","v1.0.0-rc4","v1.0.0-rc6","v1.1.0","v1.1.0-rc.0","v1.1.1","v1.1.1-rc.0","v1.1.1-rc.1","v1.1.1-rc.2","v1.1.1-rc.3","v1.1.1-rc.4","v1.10.0","v1.10.0-rc.0","v1.10.0-rc.1","v1.10.0-rc.2","v1.10.0-rc.3","v1.11.0","v1.11.0-rc.0","v1.11.0-rc.1","v1.11.0-rc.2","v1.11.1","v1.11.1-rc.0","v1.11.2","v1.11.2-rc.0","v1.12.0","v1.12.0-rc.0","v1.12.0-rc.1","v1.12.1","v1.12.1-rc.0","v1.12.2","v1.12.2-rc.0","v1.12.3","v1.12.3-rc.4","v1.12.4","v1.12.4-rc.0","v1.13.0","v1.13.0-rc.0","v1.13.0-rc.1","v1.13.0-rc.2","v1.13.1","v1.13.1-rc.0","v1.13.2","v1.13.2-rc.0","v1.13.3","v1.13.3-rc.0","v1.13.3-rc.3","v1.13.4","v1.13.4-rc.3","v1.13.5","v1.13.5-rc.0","v1.13.6","v1.13.6-rc.0","v1.13.6-rc.2","v1.13.6-rc.3","v1.13.6-rc.5","v1.13.6-rc.6","v1.13.7","v1.13.7-rc.5","v1.13.7-rc.6","v1.13.7-rc.7","v1.13.7-rc.8","v1.13.7-rc.9","v1.13.8","v1.13.8-rc.0","v1.13.8-rc.1","v1.2.0","v1.2.0-rc.0","v1.2.0-rc.1","v1.2.0-rc.2","v1.2.1","v1.2.1-rc.2","v1.2.2","v1.2.2-rc.0","v1.3.0","v1.3.0-rc.0","v1.3.0-rc.1","v1.3.0-rc.2","v1.3.1","v1.3.1-rc.0","v1.3.1-rc.1","v1.3.2","v1.3.2-rc.0","v1.3.2-rc.1","v1.4.0","v1.4.0-rc.0","v1.4.0-rc.1","v1.4.1","v1.4.1-rc.0","v1.4.1-rc.1","v1.4.1-rc.2","v1.4.2","v1.4.2-rc.0","v1.4.2-rc.1","v1.4.3","v1.4.3-rc.0","v1.5.0","v1.5.0-citest.1","v1.5.0-citest.2","v1.5.0-rc.0","v1.5.0-rc.1","v1.5.1","v1.5.1-rc.1","v1.5.2","v1.5.2-rc.1","v1.5.3","v1.5.3-rc.0","v1.5.3-rc.1","v1.5.4","v1.5.4-rc.0","v1.5.5","v1.5.5-rc.5","v1.6.0","v1.6.0-rc.0","v1.6.0-rc.2","v1.6.0-rc.3","v1.6.0-rc.4","v1.6.1","v1.6.1-rc.0","v1.6.1-rc.1","v1.6.1-rc.2","v1.6.2","v1.6.2-rc.0","v1.7.0","v1.7.0-rc.0","v1.7.0-rc.1","v1.7.0-rc.2","v1.7.0-rc.3","v1.7.0-rc.4","v1.7.0-rc.5","v1.7.1","v1.7.1-rc.0","v1.7.2","v1.7.2-rc.0","v1.7.2-rc.1","v1.7.2-rc.2","v1.7.3","v1.7.3-rc.2","v1.7.4","v1.7.4-rc.0","v1.7.4-rc.1","v1.8.0","v1.8.0-rc.0","v1.8.0-rc.1","v1.8.0-rc.2","v1.8.0-rc.3","v1.8.0-rc.4","v1.8.1","v1.8.1-rc.0","v1.9.0","v1.9.0-rc.0","v1.9.0-rc.1","v1.9.0-rc.2","v1.9.0-rc.3","v1.9.1","v1.9.1-rc.0","v2.0.0-rc.0","v2.0.0-rc.1","v2.0.0-rc.10","v2.0.0-rc.11","v2.0.0-rc.12","v2.0.0-rc.3","v2.0.0-rc.5","v2.0.0-rc.6","v2.0.0-rc.7","v2.0.0-rc.8","v2.0.0-rc.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36371.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}