ISTIO-SECURITY-2021-003

Apr 15, 2021

Disclosure Details
CVE(s)CVE-2021-28683
CVE-2021-28682
CVE-2021-29258
CVSS Impact Score7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected ReleasesAll releases prior to 1.8.5
1.9.0 to 1.9.2

Envoy, and subsequently Istio, is vulnerable to several newly discovered vulnerabilities:

Reporting vulnerabilities

We’d like to remind our community to follow the vulnerability reporting process to report any bug that can result in a security vulnerability.