Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-01T16:39:40

Updated: 2024-08-04T15:26:09.196Z

Reserved: 2020-08-29T00:00:00

Link: CVE-2020-25017

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-01T17:15:13.337

Modified: 2024-11-21T05:16:31.453

Link: CVE-2020-25017

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-09-29T19:00:00Z

Links: CVE-2020-25017 - Bugzilla