>This template is for public disclosure of CVE details on Envoy's GitHub. It should be filed
with the public release of a security patch version, and will be linked to in the announcement sent
to envoy-security-announce@googlegroups.com. The title of this issue should be the CVE identifier
and it should have the `security` label applied.

# CVE-YEAR-ABCDEF

## Brief description

>Brief description used when filing CVE.

## CVSS

>[$CVSSSTRING]($CVSSURL)($CVSSSCORE, $SEVERITY)

## Affected version(s)

>Envoy x.y.z and before.

## Affected component(s)

>List affected internal components and features.

## Attack vector(s)

>How would an attacker use this?

## Discover(s)/Credits

>Individual and optional organization.

## Example exploit or proof-of-concept

>If there is proof-of-concept or example, provide a concrete example.

## Details

>Deep dive into the defect. This should be detailed enough to maintain a record for posterity while
being clear and concise.

## Mitigations

>Are there configuration or CLI options that can be used to mitigate?

## Detection

>How can exploitation of this bug be detected in existing and future Envoy versions? E.g. access logs.

## References

* CVE: $CVEURL
>Any other public information.