Moderate severityNVD Advisory· Published May 27, 2021· Updated Aug 3, 2024
CVE-2021-31920
CVE-2021-31920
Description
Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
istio.io/istioGo | < 1.8.6 | 1.8.6 |
istio.io/istioGo | >= 1.9.0, < 1.9.5 | 1.9.5 |
Affected products
2- Istio/Istiodescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-6q5m-22mq-q2xvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-31920ghsaADVISORY
- istio.io/latest/news/security/istio-security-2021-005ghsaWEB
- istio.io/latest/news/security/istio-security-2021-005/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.