CVE-2021-31920
CVSS v3.1
6.5 (Medium)
CVSS v2.0
4 (Medium)
EPSS
0.07 % (33th)
Affected Products
1
Advisories
4
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Weaknesses
- CWE-706
- Use of Incorrectly-Resolved Name or Reference
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2021-05-27 05:15:06
(3 years ago) - Updated Date
-
2022-07-12 17:42:04
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...