CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurrences of a non-inline header.
Configurations

Configuration 1

OR cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:16

Type | Values Removed | Values Added
References | () https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w - Exploit, Third Party Advisory | () https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w - Exploit, Third Party Advisory
References | () https://groups.google.com/forum/#%21forum/envoy-security-announce - | () https://groups.google.com/forum/#%21forum/envoy-security-announce -

Information

Published : 2020-10-01 17:15

Updated : 2024-11-21 05:16


NVD link : CVE-2020-25017

Mitre link : CVE-2020-25017

CVE.ORG link : CVE-2020-25017



Products Affected

envoyproxy

  • envoy