
Vulnerability_id VCID-qjp3-nxby-1yew
Summary
Ill-formed headers may lead to unexpected behavior in Istio
### Impact
Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.

You are most at risk if you have an Istio ingress Gateway exposed to external traffic.

### Patches
1.12.8, 1.13.5, 1.14.1

### Workarounds
No.

### References
More details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-05)

### For more information
If you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)
Aliases
0
alias CVE-2022-31045
1
alias GHSA-xwx5-5c9g-x68x
Fixed_packages
Affected_packages
0
url pkg:rpm/redhat/servicemesh@2.1.3-1?arch=el8
purl pkg:rpm/redhat/servicemesh@2.1.3-1?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4pue-fbre-zfcf
1
vulnerability VCID-835d-4cep-d3ff
2
vulnerability VCID-qjp3-nxby-1yew
3
vulnerability VCID-z5x6-xqtc-q3at
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/servicemesh@2.1.3-1%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31045.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31045.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31045
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54094
published_at 2026-04-07T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54089
published_at 2026-04-02T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54143
published_at 2026-04-09T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54146
published_at 2026-04-08T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54118
published_at 2026-04-04T12:55:00Z
5
value 0.00339
scoring_system epss
scoring_elements 0.5673
published_at 2026-04-16T12:55:00Z
6
value 0.00339
scoring_system epss
scoring_elements 0.56699
published_at 2026-04-13T12:55:00Z
7
value 0.00339
scoring_system epss
scoring_elements 0.5664
published_at 2026-04-24T12:55:00Z
8
value 0.00339
scoring_system epss
scoring_elements 0.56744
published_at 2026-04-11T12:55:00Z
9
value 0.00339
scoring_system epss
scoring_elements 0.5672
published_at 2026-04-12T12:55:00Z
10
value 0.00339
scoring_system epss
scoring_elements 0.56701
published_at 2026-04-21T12:55:00Z
11
value 0.00339
scoring_system epss
scoring_elements 0.56728
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31045
2
reference_url https://github.com/istio/istio
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/istio/istio
3
reference_url https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:37Z/
url https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x
4
reference_url https://istio.io/latest/news/security/istio-security-2022-05
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:37Z/
url https://istio.io/latest/news/security/istio-security-2022-05
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31045
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31045
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2088819
reference_id 2088819
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2088819
7
reference_url https://access.redhat.com/errata/RHSA-2022:5004
reference_id RHSA-2022:5004
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5004
Weaknesses
0
cwe_id 125
name Out-of-bounds Read
description The product reads data past the end, or before the beginning, of the intended buffer.
Exploits
Severity_range_score 4.0 - 9.8
Exploitability 0.5
Weighted_severity 8.8
Risk_score 4.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qjp3-nxby-1yew