First published: Thu May 27 2021(Updated: )
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/istio.io/istio | >=1.9.0<=1.9.4 | 1.9.5 |
go/istio.io/istio | <1.8.6 | 1.8.6 |
Istio Istio | <1.8.6 | |
Istio Istio | >=1.9.0<1.9.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.