CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
envoyproxyenvoy
𝑥
< 1.12.7
envoyproxyenvoy
1.13.0 ≤
𝑥
< 1.13.4
envoyproxyenvoy
1.14.0 ≤
𝑥
< 1.14.4
envoyproxyenvoy
1.15.0 ≤
𝑥
< 1.15.1
𝑥
= Vulnerable software versions
References
https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
https://groups.google.com/forum/#%21forum/envoy-security-announce
https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
https://groups.google.com/forum/#%21forum/envoy-security-announce