CVE-2021-31920

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used.
References
Configurations

Configuration 1

cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*
cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*

Information

Published : 2021-05-27 05:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-31920

Mitre link : CVE-2021-31920

Products Affected
No products.
CWE