CVE-2021-39156 | High | Yes | Access restriction bypass | Istio before version 1.11.1 contains a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio's URI path based... |
CVE-2021-39155 | High | Yes | Access restriction bypass | A security issue has been found in Istio before version 1.11.1. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP... |
CVE-2021-32781 | High | Yes | Arbitrary code execution | Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that affects Envoy’s decompressor, json-transcoder or grpc-web... |
CVE-2021-32780 | High | Yes | Denial of service | Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an untrusted upstream service could cause Envoy to... |
CVE-2021-32778 | High | Yes | Denial of service | Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an Envoy client opening and then resetting a large number... |
CVE-2021-32777 | High | Yes | Insufficient validation | Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an... |