CVE-2020-35470

HIGH8.8EPSS 0.78%

發布日:2024/3/6修改日:2025/4/3

也稱為:BIT-envoy-2020-35470

描述

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).

受影響套件(1)

Bitnami/envoyfrom 0, < 1.16.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

WEBhttps://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1
WEBhttps://github.com/envoyproxy/envoy/issues/14087
WEBhttps://github.com/envoyproxy/envoy/pull/14131
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-35470