Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12YzdoLWNtcDMtNGh3Nc4AAq_2
Istio vulnerable to denial of service
Istio 1.3.x before 1.3.5 is vulnerable to denial of service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12YzdoLWNtcDMtNGh3Nc4AAq_2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-vc7h-cmp3-4hw5, CVE-2019-18817
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-18817
- https://github.com/istio/istio/issues/18229
- https://istio.io/news/2019/announcing-1.3.5/
- https://github.com/istio/istio/issues/18229#issuecomment-553190142
- https://github.com/istio/istio/commit/7570a1f5b56c108aed6ecfa5d2a6048f444bfb37
- https://github.com/advisories/GHSA-vc7h-cmp3-4hw5
Blast Radius: 16.3
Affected Packages
go:istio.io/istio
Dependent packages: 119Dependent repositories: 149
Downloads:
Affected Version Ranges: >= 1.3.0, < 1.3.5
Fixed in: 1.3.5
All affected versions:
All unaffected versions: