Vulnerabilities > Istio > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2022-10-13 | CVE-2022-39278 | Resource Exhaustion vulnerability in Istio. Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. | 7.5 |
2022-06-09 | CVE-2022-31045 | Out-of-bounds Read vulnerability in Istio. Istio is an open platform to connect, manage, and secure microservices. | 7.5 |
2022-02-22 | CVE-2022-23635 | Improper Validation of Specified Quantity in Input vulnerability in Istio. Istio is an open platform to connect, manage, and secure microservices. | 7.5 |
2022-01-19 | CVE-2022-21679 | Always-Incorrect Control Flow Implementation vulnerability in Istio 1.12.0/1.12.1. Istio is an open platform to connect, manage, and secure microservices. | 7.5 |
2021-08-24 | CVE-2021-39155 | Incorrect Authorization vulnerability in Istio. Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | 7.5 |
2021-08-24 | CVE-2021-39156 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio. Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. | 7.5 |
2020-06-02 | CVE-2020-10739 | NULL Pointer Dereference vulnerability in Istio. Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. | 7.5 |
2020-02-12 | CVE-2020-8595 | Improper Authentication vulnerability in multiple products. Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. | 7.5 |
2019-11-11 | CVE-2019-18836 | Infinite Loop vulnerability in multiple products. Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used. | 7.5 |