Vulnerabilities > Istio > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-27 | CVE-2021-31920 | Use of Incorrectly-Resolved Name or Reference vulnerability in Istio Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used. | 6.5 |
2021-01-29 | CVE-2019-25014 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. | 6.5 |
2020-10-01 | CVE-2020-16844 | Unspecified vulnerability in Istio In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. | 6.8 |