Description
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Mobile Pack Information Disclosure (2.0.1)
MySQL CVE-2012-3144 Vulnerability (CVE-2012-3144)
WordPress Plugin Newsletters Cross-Site Scripting (4.6.18)
PHP Other Vulnerability (CVE-2015-4602)
WordPress Plugin Export any WordPress data to XML/CSV Cross-Site Scripting (1.3.0)