-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper path normalization in Envoy proxies configured by Istio. While the actual path processing occurs in Envoy (C++), the root cause in Istio's Go code is the failure to configure Envoy with required normalization settings. The buildHTTPConnectionManager function in Istio's control plane (responsible for Envoy configuration generation) is the logical point where this misconfiguration would occur. The advisory explicitly mentions updated normalization options in patched versions, implicating this configuration pathway.
GoGo| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| istio.io/istio | go | < 1.8.6 | 1.8.6 |
| istio.io/istio | go | >= 1.9.0, <= 1.9.4 | 1.9.5 |
Ongoing coverage of React2Shell