Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-25017

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.

  • Published: Oct 1, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-25017
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.3
  • AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
envoyproxy / envoy 1.13.0 1.13.4
envoyproxy / envoy 1.14.0 1.14.4
envoyproxy / envoy 1.15.0 1.15.1
envoyproxy / envoy - 1.12.7