CVE-2021-39155
PUBLISHED
CVSS 8.3 HIGH
Authorization Policy Bypass Due to Case Insensitive Host Comparison
EPSS 0.17% · 38.1th percentile
Risk Scores
CVSS v3.1
8.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
EPSS Score
0.17%
38.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| istio.io | istio | 0, 1.10.0, 1.11.0 |
| istio | istio | <= 1.9.8, >= 1.10.0, < 1.10.4, >= 1.11.0, < 1.11.1 |
Timeline
- Aug 24, 2021 CVE Published
- Aug 25, 2021 EPSS Score
- Aug 25, 2021 PoC Published
- Oct 22, 2021 EPSS Score
- Dec 19, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 15, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 15, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Jul 16, 2022 CVE Updated
- Aug 10, 2022 EPSS Score
References
- https://github.com/istio/istio/security/advisories/GHSA-7774-7vr3-cc8j url
- https://datatracker.ietf.org/doc/html/rfc4343 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-39155 advisory
- https://github.com/istio/istio/commit/084b417a486dbe9b9024d4812877016a484572b1 url
- https://github.com/istio/istio/commit/76ed51413ddd2a7fa253a368ab20a9cec5fb1cbe url
- https://github.com/istio/istio/commit/90b00bdf891e6c770cb3235c14a9b1fda96cc7c5 url
- https://github.com/istio/istio package