CVE-2021-32777 log

Severity High
Remote Yes
Type Insufficient validation
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability that an HTTP request with multiple value headers could do an incomplete authorization policy check when the ext_authz extension is used. When a request header contains multiple values, the external authorization server will only see the last value of the given header.
Group Package Affected Fixed Severity Status Ticket
AVG-2321 istio 1.11.0-1 1.11.1-1 High Fixed