istio.io/istio
Go | 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting istio.io/istio
- CVE-2019-12243 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.1.7 | 2019-06-05
Istio 1.1.x through 1.1.6 has Incorrect Access Control.
- CVE-2019-14993 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.2.4 | 2019-08-13
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
- CVE-2019-18817 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.3.5 | 2019-11-12
Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
- CVE-2020-16844 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 1.6.8 | 2020-10-01
In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be d…
- CVE-2021-39155 | HIGH | CVSS 8.3 | EG 8.3 | ✓ Fixed in 1.11.1 | 2021-08-24
vulnerable: 1.11.0
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343](https://datatracker.ietf.org/doc/html…
- CVE-2021-39156 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 1.11.1 | 2021-08-24
vulnerable: 1.11.0
Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a…
- CVE-2022-23635 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.11.7 | 2022-02-22
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted messa…
- CVE-2022-31045 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 1.14.1 | 2022-06-09
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users…
- CVE-2026-39350 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 0.0.0-20260403004500-692e460c342d | 2026-04-15
Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly inte…
- CVE-2026-41413 | MEDIUM | CVSS 5.0 | EG 5.0 | ✓ Fixed in 0.0.0-20260410004459-189832a289c1 | 2026-05-07
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated H…