CVE-2019-25014
published 2021-01-29CVE-2019-25014: A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilot before 1.5.0-alpha.0. If a particular HTTP GET request is made to the pilot API endpoint, it is possible to cause the Go runtime to panic (resulting in a denial of service to the istio-pilot application).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| istio | istio | <= 1.4.9 | — |
| redhat | openshift_service_mesh | — | — |