ISTIO-SECURITY-2023-003

CVEs reported by Envoy.

Jul 25, 2023

Disclosure Details
CVE(s)CVE-2023-35941
CVE-2023-35942
CVE-2023-35943
CVE-2023-35944
CVSS Impact Score8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected ReleasesAll releases prior to 1.16.0
1.16.0 to 1.16.6
1.17.0 to 1.17.4
1.18.0 to 1.18.1

CVE

Envoy CVEs

Am I Impacted?

You are impacted If you accept HTTP/2 traffic from untrusted sources, which applies to most users. This especially applies if you use a Gateway exposed on the public internet.