2 matches found
GHSA-HQXW-MM44-GC4R Istio Fragments in Path May Lead to Authorization Policy Bypass
Impact Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with fragment in the path may bypass Istio’s URI path based authorization policies. Patches Istio 1.11.1 and above Istio 1.10.4 and above Istio 1.9.8 and above Workarounds...
Istio 安全漏洞
Istio is a set of open platforms for connecting, managing, and securing microservices. A security vulnerability exists in Istio that allows an attacker to bypass the Istio authorization policy for the use of hosts in rules, potentially gaining access to downstream services...