Company
Date Published
Author
Ori Hollander, JFrog Security Research
Word count
673
Language
English
Hacker News points
None

Summary

JFrog Security Research discovered a denial of service (DoS) vulnerability, CVE-2022-29225, in Envoy Proxy, an open-source edge and service proxy. Envoy's Brotli decompressor placed no limit on the size of its output buffer, so a small Brotli payload that expands to a very large output (a Brotli decompression bomb, or "zip bomb") could exhaust the memory of the Envoy process, degrading performance or crashing it. The issue was responsibly disclosed and has been fixed in Envoy versions 1.19.5, 1.20.4, 1.21.3 and 1.22.1. JFrog's DevOps platform is not affected by this vulnerability. Envoy users who cannot upgrade are advised to disable Brotli decompression as a workaround. JFrog also offers automated security scanning with JFrog Xray to help developers identify vulnerable Envoy configurations.
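The following is an added example, not code from the JFrog post or from Envoy, illustrating the failure class the summary describes: a decompressor that trusts the compressed input and inflates without an output budget, beside one that enforces a cap. Brotli is not in the Python standard library, so the example uses zlib (DEFLATE) instead; the mechanics of a decompression bomb and of the output-size check are the same. The payload is constructed (64 MiB of zeros), and the function names (`make_bomb`, `decompress_unbounded`, `decompress_bounded`, `demo`) and the 8 MiB budget are illustrative choices, not anything from Envoy.

```python
import zlib

# Constructed example, not Envoy's code. The advisory concerns Brotli, which
# is not in the Python standard library, so zlib (DEFLATE) stands in for it
# to show the same failure class: a tiny compressed payload that expands into
# a huge output, and a decompressor that either trusts it or enforces a budget.

BOMB_PLAINTEXT_SIZE = 64 * 1024 * 1024  # 64 MiB of zeros (constructed input)


class OutputLimitExceeded(Exception):
    """Raised when decompressed output would exceed the configured budget."""


def make_bomb(size: int = BOMB_PLAINTEXT_SIZE, chunk: int = 1 << 20) -> bytes:
    """Build a decompression bomb: `size` zero bytes, compressed in 1 MiB
    pieces so that building it never holds the full plaintext in memory."""
    comp = zlib.compressobj(9)
    block = b"\0" * chunk
    parts = []
    remaining = size
    while remaining > 0:
        n = min(chunk, remaining)
        parts.append(comp.compress(block[:n]))
        remaining -= n
    parts.append(comp.flush())
    return b"".join(parts)


def decompress_unbounded(data: bytes) -> int:
    """The vulnerable pattern from the advisory: inflate everything with no
    cap on the output buffer. Returns the number of bytes produced; the full
    plaintext is materialised in memory to get there, however small `data` is."""
    return len(zlib.decompress(data))


def decompress_bounded(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Hardened form: stream the decompressor, inflate at most `chunk` bytes
    per step, and abort as soon as the running total passes `max_output`.
    Peak memory is bounded by max_output + chunk regardless of the ratio."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        piece = d.decompress(buf, chunk)  # max_length caps the bytes returned
        out += piece
        if len(out) > max_output:
            raise OutputLimitExceeded(
                f"output budget of {max_output} bytes exceeded ({len(out)} bytes so far)")
        buf = d.unconsumed_tail  # input zlib has not consumed yet
        if not piece and not buf:
            raise ValueError("truncated or incomplete compressed stream")
    return bytes(out)


def demo(max_output: int = 8 * 1024 * 1024) -> dict:
    """Run both decompressors against the bomb and report what happened."""
    bomb = make_bomb()
    report = {
        "compressed_bytes": len(bomb),
        "expansion_ratio": BOMB_PLAINTEXT_SIZE // len(bomb),
        "unbounded_output_bytes": decompress_unbounded(bomb),
    }
    try:
        decompress_bounded(bomb, max_output)
        report["bounded_rejected"] = False
    except OutputLimitExceeded:
        report["bounded_rejected"] = True
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows a payload of a few tens of kilobytes inflating to 64 MiB through the unbounded path, while the bounded path stops after about 8 MiB and rejects the body. This is the check the fix adds at the proxy layer: an attacker controls the expansion ratio, so the limit has to be on the output side, not on the size of the compressed request.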