VDB
CVE-2019-14993
CVE-2019-14993
PUBLISHED
Reported by mitre · Published August 13, 2019
Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| wolfi | istio-pilot-agent-1.22 | *, *, * |
| chainguard | istio-pilot-agent-1.22 | *, *, * |
| n/a | n/a | n/a, * |
| chainguard | istio-operator-1.20 | 0, 0, 0 |
| wolfi | istio-pilot-agent-1.21 | 0, 0, 0 |
| chainguard | istio-cni-1.21 | 0, 0, 0 |
| chainguard | istio-operator-1.22 | *, *, * |
| wolfi | istio-operator-1.22 | *, *, * |
| chainguard | istio-pilot-discovery-1.22 | *, *, * |
| wolfi | istio-pilot-discovery-1.21 | 0, 0, 0 |
| wolfi | istio-operator-1.21 | 0, 0, 0 |
| wolfi | cert-manager-istio-csr | *, *, * |
| chainguard | cert-manager-istio-csr-fips | *, *, * |
| wolfi | istio-cni-1.22 | *, *, * |
| chainguard | cert-manager-istio-csr | *, *, * |
| chainguard | istio-operator-1.21 | 0, 0, 0 |
| chainguard | istio-pilot-agent-1.21 | 0, 0, 0 |
| istio.io | istio | 0, 1.2.0, 0 |
| wolfi | istio-pilot-discovery-1.22 | *, *, * |
…and 5 more
Timeline
- Aug 13, 2019 CVE Published
- Aug 16, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- x_refsource_MISC
- x_refsource_MISC
- x_refsource_CONFIRM
- x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2019-14993 advisory