Search for packages
| purl | pkg:golang/istio.io/istio@1.3.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-53ez-ykh2-aaag
Aliases: CVE-2019-15226 |
CVE-2019-15226 envoy: crafted request allows remote attacker to cause denial of service | There are no reported fixed by versions. |
|
VCID-aspk-ntyx-aaar
Aliases: CVE-2020-8595 |
CVE-2020-8595 istio: unauthorised access to JWT protected HTTP path | There are no reported fixed by versions. |
|
VCID-k7z7-aarf-aaag
Aliases: CVE-2020-8843 |
An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. | There are no reported fixed by versions. |
|
VCID-qzf4-cp5y-aaaq
Aliases: CVE-2019-18802 |
CVE-2019-18802 envoy: malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure | There are no reported fixed by versions. |
|
VCID-w3w7-upq4-aaam
Aliases: CVE-2019-18801 |
CVE-2019-18801 envoy: an untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1 | There are no reported fixed by versions. |
|
VCID-zwcz-r1fe-aaak
Aliases: CVE-2019-18817 GHSA-vc7h-cmp3-4hw5 |
CVE-2019-18817 istio/envoy: infinite loop in Envoy, and subsequently Istio leads to a DoS |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|