CVE-2021-31921 | Critical | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing... |
CVE-2021-31920 | High | Yes | Authentication bypass | Istio before version 1.9.5 contains a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F... |
CVE-2021-29492 | High | Yes | Authentication bypass | Envoy before version 1.18.3, and subsequently Istio before version 1.9.5, contains a remotely exploitable authorization bypass vulnerability. An attacker... |
CVE-2021-29258 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable vulnerability where an HTTP2 request with an empty... |
CVE-2021-28683 | High | Yes | Denial of service | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable NULL pointer dereference and crash in TLS when an... |
CVE-2021-28682 | High | Yes | Arbitrary code execution | Envoy before version 1.18.0, and subsequently Istio before version 1.9.3, contains a remotely exploitable integer overflow in which a very large... |