VDB
CVE-2021-39156
CVE-2021-39156
PUBLISHED
CVSS 8.100000381469727 HIGH
Istio Fragments in Path May Lead to Authorization Policy Bypass
EPSS 0.24% · 46.7th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
0.24%
46.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| istio | istio | 1.10.0, >= 1.10.0, < 1.10.4, >= 1.11.0, < 1.11.1 |
| istio.io | istio | 1.11.0, 1.11.0, 0 |
Exploit Intelligence
- anonymousAIware2026/MicroserviceCVE-2021-39156 (github-poc)
- anonymousAIware2026/MicroserviceCVE-2021-39156 (github-poc)
- anonymousAIware2026/MicroserviceCVE-2021-39156 (github-poc)
- anonymousAIware2026/MicroserviceCVE-2021-39156 (github-poc)
- anonymousAIware2026/MicroserviceCVE-2021-39156 (github-poc)
- CIRCL seen: CVE-2021-39156 (circl-sighting)
- CIRCL seen: CVE-2021-39156 (circl-sighting)
- https://github.com/istio/istio/security/advisories/GHSA-hqxw-mm44-gc4r (circl)
- https://istio.io/latest/news/security/istio-security-2021-008 (circl)
Timeline
- Aug 24, 2021 CVE Published
- Aug 25, 2021 EPSS Score
- Aug 25, 2021 PoC Published
- Oct 22, 2021 EPSS Score
- Dec 19, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 16, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 15, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 10, 2022 EPSS Score
- Oct 7, 2022 EPSS Score