Search for packages
| purl | pkg:golang/istio.io/istio@1.12.3 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8ev5-c8zj-aaar
Aliases: CVE-2021-43824 |
CVE-2021-43824 envoy: Null pointer dereference when using JWT filter safe_regex match | There are no reported fixed by versions. |
|
VCID-anga-kngu-aaac
Aliases: CVE-2022-23606 |
CVE-2022-23606 envoy: Stack exhaustion when a cluster is deleted via Cluster Discovery Service | There are no reported fixed by versions. |
|
VCID-cty8-9t9r-aaaf
Aliases: CVE-2022-21655 |
CVE-2022-21655 envoy: Incorrect handling of internal redirects to routes with a direct response entry | There are no reported fixed by versions. |
|
VCID-dss6-rcaa-aaag
Aliases: CVE-2022-21654 |
CVE-2022-21654 envoy: Incorrect configuration handling allows mTLS session re-use without re-validation | There are no reported fixed by versions. |
|
VCID-dx29-y4ke-aaag
Aliases: CVE-2021-43825 |
CVE-2021-43825 envoy: Use-after-free when response filters increase response data | There are no reported fixed by versions. |
|
VCID-wxdq-fahw-aaag
Aliases: CVE-2022-23635 GHSA-856q-xv3c-7f2f |
CVE-2022-23635 istio: unauthenticated control plane denial of service attack |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-y77q-dr57-aaae
Aliases: CVE-2021-43826 |
CVE-2021-43826 envoy: Use-after-free when tunneling TCP over HTTP | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|