AVG-2321 log

Package istio
Status Fixed
Severity High
Type multiple issues
Affected 1.11.0-1
Fixed 1.11.1-1
Current 1.22.1-1 [extra-testing], 1.16.1-1 [extra]
Ticket None
Created Wed Aug 25 10:08:16 2021
Issue Severity Remote Type Description
CVE-2021-39156 High Yes Access restriction bypass
Istio before version 1.11.1 contains a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio's URI path based...
CVE-2021-39155 High Yes Access restriction bypass
A security issue has been found in Istio before version 1.11.1. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP...
CVE-2021-32781 High Yes Arbitrary code execution
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that affects Envoy’s decompressor, json-transcoder or grpc-web...
CVE-2021-32780 High Yes Denial of service
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an untrusted upstream service could cause Envoy to...
CVE-2021-32778 High Yes Denial of service
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an Envoy client opening and then resetting a large number...
CVE-2021-32777 High Yes Insufficient validation
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an...