1. Home
  2. Vulnerabilities
  3. CVE-2021-31920

CVE-2021-31920

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4 (Medium)
40% Progress
EPSS 0.07 % (33th)
0.07% Progress
Affected Products 1
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.

Weaknesses
CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2021-05-27 05:15:06
(3 years ago)
Updated Date
2022-07-12 17:42:04
(2 years ago)

Affected Products

Istio

Configuration #1

    CPE23 From Up To
  Istio prior 1.8.6 version cpe:2.3:a:istio:istio < 1.8.6
  Istio from 1.9.0 version and prior 1.9.5 version cpe:2.3:a:istio:istio >= 1.9.0 < 1.9.5