CVE-2019-14993
N/A
N/A
Summary
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383
- https://github.com/envoyproxy/envoy/issues/7728
- https://istio.io/blog/2019/istio-security-003-004/
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164
References
- https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383
- https://github.com/envoyproxy/envoy/issues/7728
- https://istio.io/blog/2019/istio-security-003-004/
- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.