CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoys setCopy() header map API does not replace all existing occurences of a non-inline header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
envoyproxyenvoy
𝑥
< 1.12.7
envoyproxyenvoy
1.13.0 ≤
𝑥
< 1.13.4
envoyproxyenvoy
1.14.0 ≤
𝑥
< 1.14.4
envoyproxyenvoy
1.15.0 ≤
𝑥
< 1.15.1
𝑥
= Vulnerable software versions
References
https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
https://groups.google.com/forum/#%21forum/envoy-security-announce
https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w
https://groups.google.com/forum/#%21forum/envoy-security-announce