PT-2020-15893 · Envoy · Envoy

Asraa

+1

·

Published

2020-10-01

·

Updated

2020-10-09

·

CVE-2020-25018

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Envoy versions between 2d69e30 and 3b5acb2
Description The issue is related to the parsing of request URLs that require host canonicalization.
Recommendations For versions between 2d69e30 and 3b5acb2, update to a version outside of this range to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2020-25018
GHSA-FWWH-FC9W-9673

Affected Products

Envoy