ISTIO-SECURITY-2024-004

CVEs reported by Envoy.

Jun 4, 2024

Disclosure Details
CVE(s)CVE-2024-32976
CVE-2024-32975
CVE-2024-32974
CVE-2024-34363
CVE-2024-34362
CVE-2024-23326
CVE-2024-34364
CVSS Impact Score7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected ReleasesAll releases prior to 1.20.0
1.20.0 to 1.20.6
1.21.0 to 1.21.2
1.22.0

CVE

Envoy CVEs

Am I Impacted?

If you are using JSON access log formatting in Istio 1.22, you are impacted, please upgrade as soon as possible. The request smuggling will also affect users of Websockets.