High severityNVD Advisory· Published Aug 13, 2019· Updated Aug 5, 2024
CVE-2019-14993
CVE-2019-14993
Description
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
istio.io/istioGo | < 1.1.13 | 1.1.13 |
istio.io/istioGo | >= 1.2.0, < 1.2.4 | 1.2.4 |
Affected products
57- Istio/Istiodescription
- osv-coords56 versionspkg:apk/chainguard/cert-manager-istio-csrpkg:apk/chainguard/cert-manager-istio-csr-compatpkg:apk/chainguard/cert-manager-istio-csr-compat-fipspkg:apk/chainguard/cert-manager-istio-csr-fipspkg:apk/chainguard/istio-cni-1.21pkg:apk/chainguard/istio-cni-1.21-compatpkg:apk/chainguard/istio-cni-1.22pkg:apk/chainguard/istio-cni-1.22-compatpkg:apk/chainguard/istio-cni-fips-1.21pkg:apk/chainguard/istio-cni-fips-1.21-compatpkg:apk/chainguard/istio-fips-1.21pkg:apk/chainguard/istio-install-cni-1.21pkg:apk/chainguard/istio-install-cni-1.21-compatpkg:apk/chainguard/istio-install-cni-1.22pkg:apk/chainguard/istio-install-cni-1.22-compatpkg:apk/chainguard/istio-install-cni-fips-1.21pkg:apk/chainguard/istio-install-cni-fips-1.21-compatpkg:apk/chainguard/istio-operator-1.20pkg:apk/chainguard/istio-operator-1.21pkg:apk/chainguard/istio-operator-1.22pkg:apk/chainguard/istio-operator-fips-1.21pkg:apk/chainguard/istio-pilot-agent-1.21pkg:apk/chainguard/istio-pilot-agent-1.21-compatpkg:apk/chainguard/istio-pilot-agent-1.22pkg:apk/chainguard/istio-pilot-agent-1.22-compatpkg:apk/chainguard/istio-pilot-agent-fips-1.21pkg:apk/chainguard/istio-pilot-agent-fips-1.21-compatpkg:apk/chainguard/istio-pilot-discovery-1.21pkg:apk/chainguard/istio-pilot-discovery-1.21-compatpkg:apk/chainguard/istio-pilot-discovery-1.22pkg:apk/chainguard/istio-pilot-discovery-1.22-compatpkg:apk/chainguard/istio-pilot-discovery-fips-1.21pkg:apk/chainguard/kgateway-2.3pkg:apk/chainguard/kgateway-fips-2.3pkg:apk/wolfi/cert-manager-istio-csrpkg:apk/wolfi/cert-manager-istio-csr-compatpkg:apk/wolfi/istio-cni-1.21pkg:apk/wolfi/istio-cni-1.21-compatpkg:apk/wolfi/istio-cni-1.22pkg:apk/wolfi/istio-cni-1.22-compatpkg:apk/wolfi/istio-install-cni-1.21pkg:apk/wolfi/istio-install-cni-1.21-compatpkg:apk/wolfi/istio-install-cni-1.22pkg:apk/wolfi/istio-install-cni-1.22-compatpkg:apk/wolfi/istio-operator-1.20pkg:apk/wolfi/istio-operator-1.21pkg:apk/wolfi/istio-operator-1.22pkg:apk/wolfi/istio-pilot-agent-1.21pkg:apk/wolfi/istio-pilot-agent-1.21-compatpkg:apk/wolfi/istio-pilot-agent-1.22pkg:apk/wolfi/istio-pilot-agent-1.22-compatpkg:apk/wolfi/istio-pilot-discovery-1.21pkg:apk/wolfi/istio-pilot-discovery-1.21-compatpkg:apk/wolfi/istio-pilot-discovery-1.22pkg:apk/wolfi/istio-pilot-discovery-1.22-compatpkg:golang/istio.io/istio
< 0+ 55 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.20.7-r0
- (no CPE)range: < 1.21.3-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.21.3-r0
- (no CPE)range: < 1.21.3-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.20.7-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.1.13
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-qcvw-82hh-gq38ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-14993ghsaADVISORY
- discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383ghsax_refsource_MISCWEB
- gcc.gnu.org/bugzilla/show_bug.cgighsax_refsource_MISCWEB
- github.com/envoyproxy/envoy/issues/7728ghsax_refsource_MISCWEB
- istio.io/blog/2019/istio-security-003-004ghsaWEB
- istio.io/blog/2019/istio-security-003-004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.