|CVSS Impact Score||8.3 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L|
|Affected Releases||1.6 to 1.6.10|
1.7 to 1.7.2
Envoy, and subsequently Istio, is vulnerable to a newly discovered vulnerability:
In some cases, Envoy only considers the first value when multiple headers are present. Also, Envoy does not replace all existing occurrences of a non-inline header.
- CVSS Score: 8.3 AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
- For Istio 1.6.x deployments: update to Istio 1.6.11 or later.
- For Istio 1.7.x deployments: update to Istio 1.7.3 or later.
We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.