CVE-2020-25017
N/A
N/A
Summary
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://groups.google.com/forum/#%21forum/envoy-security-announce
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
References
- https://groups.google.com/forum/#%21forum/envoy-security-announce
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.