Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-27T04:03:31
Updated: 2024-08-03T23:10:31.275Z
Reserved: 2021-04-30T00:00:00
Link: CVE-2021-31920
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-05-27T05:15:06.880
Modified: 2024-11-21T06:06:30.790
Link: CVE-2021-31920
Redhat