Envoy · Envoy · CVE-2026-6994
**Name of the Vulnerable Software and Affected Versions**
Envoy versions prior to 1.33.0
**Description**
A weakness in the Query Parameter Handler component allows for injection. The issue resides in the `params.add()` function within the `source/extensions/filters/http/header_mutation/header_mutation.cc` file, which can be exploited remotely.
**Recommendations**
Install the patch f8f4f1e02fdc64ecd4acf2d903208dd7285ad3a4.
As a temporary workaround, restrict the use of the `params.add()` function in the header mutation filter.