CVE-2020-25017

Published October 1st, 2020

View on NVD ↗

CVSS v3

8.3

HIGH

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.

envoyproxy/envoy

Cloud-native high-performance edge/middle/service proxy

GitHub

28.3K