purl | pkg:github/istio/istio@1.17.2 |
Next non-vulnerable version | 1.18.0-alpha.0 |
Latest non-vulnerable version | 1.19.0-alpha.0 |
Risk | 10.0 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-6y3x-kyj7-aaaf
Aliases: CVE-2023-44487 GHSA-qppj-fm5r-hxr3 VSV00013 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
Affected by 0 other vulnerabilities. |
VCID-bktx-3fbw-aaag
Aliases: CVE-2023-35945 |
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if the connection is already marked for not sending more requests due to the `GOAWAY` frame. The clean-up code is right after the return statement, causing a memory leak. The result is denial of service through memory exhaustion. This vulnerability was patched in versions 1.26.3, 1.25.8, 1.24.9, 1.23.11. |
Affected by 6 other vulnerabilities. |
VCID-djk7-dd9y-aaaf
Aliases: CVE-2023-35941 |
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can always be valid in the OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. |
Affected by 2 other vulnerabilities. |
VCID-h5gd-ykr6-aaag
Aliases: CVE-2023-35942 |
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using the listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable the gRPC access log or stop listener updates. |
Affected by 2 other vulnerabilities. |
VCID-te2m-j4fe-aaaj
Aliases: CVE-2023-39325 GHSA-4374-p667-p6c8 |
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. |
Affected by 0 other vulnerabilities. |
VCID-wz85-a7wk-aaaj
Aliases: CVE-2023-35944 |
Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2; however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. |
Affected by 2 other vulnerabilities. |
VCID-ytys-pthg-aaam
Aliases: CVE-2023-35943 |
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders` and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. |
Affected by 2 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
VCID-areg-zn1d-aaaj | Multiple CVEs reported by Envoy. | CVE-2023-27492 |
VCID-e3es-g515-aaac | Multiple CVEs reported by Envoy. | CVE-2023-27491 |
VCID-m38c-y5uy-aaag | Multiple CVEs reported by Envoy. | CVE-2023-27487 |
VCID-rn3g-fz72-aaaa | Multiple CVEs reported by Envoy. | CVE-2023-27496 |
VCID-tnym-eg8u-aaaj | Multiple CVEs reported by Envoy. | CVE-2023-27493 |
VCID-v88p-ard2-aaaq | Multiple CVEs reported by Envoy. | CVE-2023-27488 |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-06-20T19:34:01.952003+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 36.1.3 |
2025-06-20T19:33:58.853714+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 36.1.3 |
2025-06-20T19:33:55.562664+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 36.1.3 |
2025-06-20T19:33:53.125549+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 36.1.3 |
2025-06-20T19:33:50.317640+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 36.1.3 |
2025-06-20T19:33:47.881033+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 36.1.3 |
2025-06-20T19:33:44.361022+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 36.1.3 |
2025-06-20T19:33:41.578733+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 36.1.3 |
2025-06-20T19:33:38.762797+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 36.1.3 |
2025-06-20T19:33:35.986578+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 36.1.3 |
2025-06-20T19:33:32.979042+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 36.1.3 |
2025-06-20T19:33:30.318830+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 36.1.3 |
2025-06-20T19:33:27.521346+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 36.1.3 |
2025-06-04T08:09:17.600946+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 36.1.0 |
2025-06-04T08:09:15.177302+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 36.1.0 |
2025-06-04T08:09:12.599987+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 36.1.0 |
2025-06-04T08:09:10.138804+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 36.1.0 |
2025-06-04T08:09:07.558675+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 36.1.0 |
2025-06-04T08:09:05.050063+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 36.1.0 |
2025-06-04T08:09:02.510116+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 36.1.0 |
2025-06-04T08:09:00.028300+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 36.1.0 |
2025-06-04T08:08:57.545327+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 36.1.0 |
2025-06-04T08:08:55.037208+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 36.1.0 |
2025-06-04T08:08:52.542867+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 36.1.0 |
2025-06-04T08:08:49.712759+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 36.1.0 |
2025-06-04T08:08:47.046927+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 36.1.0 |
2025-06-02T22:02:04.627748+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 36.1.2 |
2025-06-02T22:02:02.154061+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 36.1.2 |
2025-06-02T22:01:59.101321+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 36.1.2 |
2025-06-02T22:01:55.915440+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 36.1.2 |
2025-06-02T22:01:53.240513+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 36.1.2 |
2025-06-02T22:01:50.647134+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 36.1.2 |
2025-06-02T22:01:47.418706+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 36.1.2 |
2025-06-02T22:01:44.541705+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 36.1.2 |
2025-06-02T22:01:41.874143+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 36.1.2 |
2025-06-02T22:01:38.976450+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 36.1.2 |
2025-06-02T22:01:36.525485+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 36.1.2 |
2025-06-02T22:01:33.744196+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 36.1.2 |
2025-06-02T22:01:31.099301+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 36.1.2 |
2025-04-07T11:55:02.234945+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 36.0.0 |
2025-04-07T11:54:58.449658+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 36.0.0 |
2025-04-07T11:54:54.996479+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 36.0.0 |
2025-04-07T11:54:51.472444+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 36.0.0 |
2025-04-07T11:54:48.106135+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 36.0.0 |
2025-04-07T11:54:44.440949+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 36.0.0 |
2025-04-07T11:54:40.988224+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 36.0.0 |
2025-04-07T11:54:36.666329+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 36.0.0 |
2025-04-07T11:54:33.027616+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 36.0.0 |
2025-04-07T11:54:29.326763+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 36.0.0 |
2025-04-07T11:54:25.075751+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 36.0.0 |
2025-04-07T11:54:20.980469+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 36.0.0 |
2025-04-07T11:54:16.691538+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 36.0.0 |
2025-02-22T09:03:28.399376+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 35.1.0 |
2025-02-22T09:03:25.416488+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 35.1.0 |
2025-02-22T09:03:21.351176+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 35.1.0 |
2025-02-22T09:03:18.319056+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 35.1.0 |
2025-02-22T09:03:14.669672+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 35.1.0 |
2025-02-22T09:03:11.474498+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 35.1.0 |
2025-02-22T09:03:08.331567+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 35.1.0 |
2025-02-22T09:03:05.323487+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 35.1.0 |
2025-02-22T09:03:02.240790+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 35.1.0 |
2025-02-22T09:02:58.882842+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 35.1.0 |
2025-02-22T09:02:55.847152+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 35.1.0 |
2025-02-22T09:02:52.768310+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 35.1.0 |
2025-02-22T09:02:49.728313+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 35.1.0 |
2024-04-26T06:26:49.008201+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 34.0.0rc4 |
2024-04-26T06:26:45.735472+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 34.0.0rc4 |
2024-04-26T06:26:42.521599+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 34.0.0rc4 |
2024-04-26T06:26:39.399232+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 34.0.0rc4 |
2024-04-26T06:26:34.121572+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 34.0.0rc4 |
2024-04-26T06:26:30.986043+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 34.0.0rc4 |
2024-04-26T06:26:27.765752+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 34.0.0rc4 |
2024-04-26T06:26:24.693951+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 34.0.0rc4 |
2024-04-26T06:26:21.664481+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 34.0.0rc4 |
2024-04-26T06:26:18.668567+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 34.0.0rc4 |
2024-04-26T06:26:15.611445+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 34.0.0rc4 |
2024-04-26T06:26:12.538042+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 34.0.0rc4 |
2024-04-26T06:26:09.525723+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 34.0.0rc4 |
2024-01-12T14:29:47.580558+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 34.0.0rc2 |
2024-01-12T14:29:43.920626+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 34.0.0rc2 |
2024-01-12T14:29:40.502483+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 34.0.0rc2 |
2024-01-12T14:29:36.941890+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 34.0.0rc2 |
2024-01-12T14:29:33.382167+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 34.0.0rc2 |
2024-01-12T14:29:29.972990+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 34.0.0rc2 |
2024-01-12T14:29:26.560803+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 34.0.0rc2 |
2024-01-12T14:29:22.733745+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 34.0.0rc2 |
2024-01-12T14:29:18.828734+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 34.0.0rc2 |
2024-01-12T14:29:15.420335+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 34.0.0rc2 |
2024-01-12T14:29:11.833096+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 34.0.0rc2 |
2024-01-12T14:29:08.237915+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 34.0.0rc2 |
2024-01-12T14:29:04.750055+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 34.0.0rc2 |
2024-01-05T10:09:41.510832+00:00 | Istio Importer | Affected by | VCID-6y3x-kyj7-aaaf | None | 34.0.0rc1 |
2024-01-05T10:09:38.008418+00:00 | Istio Importer | Affected by | VCID-te2m-j4fe-aaaj | None | 34.0.0rc1 |
2024-01-05T10:09:34.606082+00:00 | Istio Importer | Affected by | VCID-bktx-3fbw-aaag | None | 34.0.0rc1 |
2024-01-05T10:09:31.020787+00:00 | Istio Importer | Affected by | VCID-wz85-a7wk-aaaj | None | 34.0.0rc1 |
2024-01-05T10:09:27.523223+00:00 | Istio Importer | Affected by | VCID-ytys-pthg-aaam | None | 34.0.0rc1 |
2024-01-05T10:09:24.082864+00:00 | Istio Importer | Affected by | VCID-h5gd-ykr6-aaag | None | 34.0.0rc1 |
2024-01-05T10:09:20.483987+00:00 | Istio Importer | Affected by | VCID-djk7-dd9y-aaaf | None | 34.0.0rc1 |
2024-01-05T10:09:16.996708+00:00 | Istio Importer | Fixing | VCID-rn3g-fz72-aaaa | None | 34.0.0rc1 |
2024-01-05T10:09:13.525906+00:00 | Istio Importer | Fixing | VCID-tnym-eg8u-aaaj | None | 34.0.0rc1 |
2024-01-05T10:09:10.118218+00:00 | Istio Importer | Fixing | VCID-areg-zn1d-aaaj | None | 34.0.0rc1 |
2024-01-05T10:09:06.554448+00:00 | Istio Importer | Fixing | VCID-e3es-g515-aaac | None | 34.0.0rc1 |
2024-01-05T10:09:03.050175+00:00 | Istio Importer | Fixing | VCID-v88p-ard2-aaaq | None | 34.0.0rc1 |
2024-01-05T10:08:59.732642+00:00 | Istio Importer | Fixing | VCID-m38c-y5uy-aaag | None | 34.0.0rc1 |