Vulnerabilities > Istio > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2021-31920 Use of Incorrectly-Resolved Name or Reference vulnerability in Istio
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
network
low complexity
istio CWE-706
6.5
2021-01-29 CVE-2019-25014 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0.
network
low complexity
istio redhat CWE-476
6.5
2020-10-01 CVE-2020-16844 Unspecified vulnerability in Istio
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g.
network
high complexity
istio
6.8