CVE-2021-39156

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39156
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39156.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39156
Aliases
Downstream
Related
Published
2021-08-24T23:15:10.413Z
Modified
2026-02-05T07:23:30.771349Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with #fragment in the path may bypass Istio’s URI path based authorization policies. Patches are available in Istio 1.11.1, Istio 1.10.4 and Istio 1.9.8. As a work around a Lua filter may be written to normalize the path.

References

Affected packages

Git / github.com/istio/istio

Affected ranges

Type
GIT
Repo
https://github.com/istio/istio
Events
Fixed
5336ff0f12bc093b728dac3a729b4b2bcbc3df65
Introduced
d26cba7e341587453ffeb978f5cf6fbc32f346f8
Fixed
61313778e0b785e401c696f5e92f47af069f96d0
Introduced
57d639a4fd19ee8c3559b9a4032f91e4d23c6f14
Fixed
ce6205d503e5c5e41af496ebbe01ece7dc6c3547

Affected versions

1.*
1.10.0
1.10.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39156.json"