A flaw was found in Istio in versions prior to 1.1.13 and 1.2.4. Regular expressions for long URIs are mishandled leading to a denial of service during the use of JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. The highest threat from this vulnerability is to system availability.