CVE-2023-27493

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27493
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-27493.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-27493
Aliases
Published
2023-04-04T19:46:57.044Z
Modified
2025-12-04T23:45:04.098716Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Envoy doesn't escape HTTP header values
Details

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.

Database specific 
{
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/27xxx/CVE-2023-27493.json"
}
References

Affected packages

Git / github.com/envoyproxy/envoy

Affected ranges

Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
9184b84cd0dcb3a6c57eb44b177d91c70e1a0901
Fixed
e99d61c4596573fbea8b8a9def8b160e138a4018
Database specific 
{
    "versions": [
        {
            "introduced": "1.25.0"
        },
        {
            "fixed": "1.25.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
15baf56003f33a07e0ab44f82f75a660040db438
Fixed
d3d04156c3b05f8b4532d44e602fdd1b430c64bb
Database specific 
{
    "versions": [
        {
            "introduced": "1.24.0"
        },
        {
            "fixed": "1.24.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
ce49c7f65668a22b80d1e83c35d170741bb8d46a
Fixed
b2064ed660934383cece8c8d60393d5b0720ae4d
Database specific 
{
    "versions": [
        {
            "introduced": "1.23.0"
        },
        {
            "fixed": "1.23.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/envoyproxy/envoy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6392d12242234948b15a0fecee629f9cf8b76cee
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.22.9"
        }
    ]
}

Affected versions

v1.*

v1.0.0
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.18.1
v1.18.2
v1.19.0
v1.2.0
v1.20.0
v1.21.0
v1.22.0
v1.22.2
v1.22.3
v1.22.4
v1.22.5
v1.22.6
v1.22.7
v1.22.8
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.24.0
v1.24.1
v1.24.2
v1.24.3
v1.25.0
v1.25.1
v1.25.2
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0