Description
Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters).
Remediation
References
Related Vulnerabilities
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9046)
WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.1)
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)
Oracle JRE CVE-2018-2794 Vulnerability (CVE-2018-2794)
WordPress Plugin WP HTML Author Bio Cross-Site Scripting (1.2.0)