CVE-2021-29492 log

Severity: High
Remote: Yes
Type: Authentication bypass

Envoy before version 1.18.3, and subsequently Istio before version 1.9.5, contains a remotely exploitable authorization bypass vulnerability. An attacker can potentially craft an HTTP request that defines a certain pattern of escaped characters in the URI path (such as %2F, %2f, %5C or %5c), allowing them to bypass the authorization service.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1947 | istio | 1.9.2-1 | 1.10.0-1 | Critical | Fixed | FS#70808 |