📦 Istio

by Istio



⚠️ Known Vulnerabilities

CVE-2021-31921

CRITICAL CVSS 9.8 Jun 2, 2021

This vulnerability allows external clients to bypass Istio's authorization checks and access internal Kubernetes services they shouldn't have access to. It affects Istio deployments where gateways are...

CVE-2023-44487

HIGH CVSS 7.5 Oct 10, 2023

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...

CVE-2022-24726

HIGH CVSS 7.5 Mar 10, 2022

CVE-2022-24726 is a denial-of-service vulnerability in Istio's control plane (istiod) where a specially crafted message to the validating webhook endpoint on port 15017 can crash the control plane. Th...

CVE-2021-39156

HIGH CVSS 8.1 Aug 24, 2021

This vulnerability allows attackers to bypass Istio's URI path-based authorization policies by sending HTTP requests with URL fragments (#fragment) in the path. This affects all Istio deployments usin...