CVE-2020-25018

EUVD-2020-17717
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
envoyproxyenvoy
2d69e30 ≤
𝑥
< 3b5acb2
𝑥
= Vulnerable software versions
References
https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673
https://groups.google.com/forum/#%21forum/envoy-security-announce
https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673
https://groups.google.com/forum/#%21forum/envoy-security-announce