CVE-2020-35470

HIGH8.8EPSS 0.78%

Published: 3/6/2024Modified: 4/3/2025

Also known as:BIT-envoy-2020-35470

Description

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).

Affected packages (1)

Bitnami/envoyfrom 0, < 1.16.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBhttps://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
WEBhttps://github.com/envoyproxy/envoy/issues/14087
WEBhttps://github.com/envoyproxy/envoy/pull/14131
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-35470