pkg:Go/istio.io/istio

10 total CVEsCRITICAL1HIGH5MEDIUM4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.3CVE-2019-12243Istio may not check inbound TCP connections against istio-policy
    >= 1.1.0, < 1.1.7
  • HIGH8.3CVE-2021-39155Authorization Policy Bypass Due to Case Insensitive Host Comparison
    from 0, < 1.9.8
  • HIGH8.1CVE-2021-39156Istio Fragments in Path May Lead to Authorization Policy Bypass
    from 0, < 1.9.8
  • HIGH7.5CVE-2019-18817Istio vulnerable to denial of service
    >= 1.3.0, < 1.3.5
  • HIGH7.5CVE-2019-14993Istio ReDoS Vulnerability
    from 0, < 1.1.13
  • HIGH7.5CVE-2022-23635Unauthenticated control plane denial of service attack in Istio
    >= 1.13.0, < 1.13.1
  • MEDIUM6.8CVE-2020-16844Authorization bypass in Istio
    >= 1.5.0, < 1.5.9
  • MEDIUM5.9CVE-2022-31045Ill-formed headers may lead to unexpected behavior in Istio
    from 0, < 1.12.18
  • MEDIUM5.4CVE-2026-39350Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots
    >= 0.0.0-20241024090207-0bf27d49ba4b, < 0.0.0-20260403004500-692e460c342d
  • MEDIUM5.0CVE-2026-41413Istio: SSRF via RequestAuthentication jwksUri
    from 0, < 0.0.0-20260410004459-189832a289c1