Oracle Linux: CVE-2021-31920: ELSA-2021-9396: olcne security update (IMPORTANT) (Multiple Advisories)

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: May 27, 2021
Added: Aug 7, 2021
Modified: Dec 4, 2025

Description

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path-based authorization rules are used.
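
The mismatch described above can be checked for in request logs. The following is an added example, not code from the advisory or from Istio: it compares a path-based deny rule evaluated on the raw path with the same rule evaluated after normalization, and reports the paths where the two decisions differ. The /admin prefix, the function names and the sample paths are constructed for illustration, and it assumes the backend treats merged and escaped slashes as equivalent to a single slash.

```python
import re

# Hypothetical path-based rule (assumption): deny everything under /admin.
DENIED_PREFIX = "/admin"

def normalize_path(path: str) -> str:
    """Canonicalize a request path before matching it against a policy."""
    path = path.split("?", 1)[0]                            # drop the query string
    path = re.sub(r"%(2f|5c)", "/", path, flags=re.IGNORECASE)  # escaped / and \
    path = path.replace("\\", "/")                          # literal backslash
    return re.sub(r"/{2,}", "/", path)                      # merge repeated slashes

def is_denied(path: str) -> bool:
    """Prefix match that respects segment boundaries (/administrator is not /admin)."""
    return path == DENIED_PREFIX or path.startswith(DENIED_PREFIX + "/")

def audit(paths):
    """Return raw paths the rule allows as written but denies once normalized."""
    return [p for p in paths
            if not is_denied(p) and is_denied(normalize_path(p))]

# Constructed sample request paths, as they might appear in an access log.
SAMPLE_PATHS = [
    "/admin/users",         # matched by the rule as written
    "//admin/users",        # multiple slashes
    "/%2Fadmin/users",      # escaped forward slash
    "/%5cadmin/users",      # escaped backslash, lower-case hex
    "/admin%2Fusers",       # escaped slash inside the protected prefix
    "/public//index.html",  # repeated slashes outside the protected prefix
    "/administrator",       # shares characters with the prefix, different segment
]

if __name__ == "__main__":
    for p in audit(SAMPLE_PATHS):
        print(f"policy mismatch: raw={p!r} normalized={normalize_path(p)!r}")
```

Any path this reports is one where the authorization layer and the backend would disagree about which resource is being requested, which is the condition the fixed Istio releases address.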

Solutions

oracle-linux-upgrade-istio
oracle-linux-upgrade-istio-istioctl
oracle-linux-upgrade-istio-pilot-agent
oracle-linux-upgrade-istio-pilot-discovery
oracle-linux-upgrade-kubeadm
oracle-linux-upgrade-kubectl
oracle-linux-upgrade-kubelet
oracle-linux-upgrade-olcne-agent
oracle-linux-upgrade-olcne-api-server
oracle-linux-upgrade-olcnectl
oracle-linux-upgrade-olcne-grafana-chart
oracle-linux-upgrade-olcne-istio-chart
oracle-linux-upgrade-olcne-nginx
oracle-linux-upgrade-olcne-olm-chart
oracle-linux-upgrade-olcne-prometheus-chart
oracle-linux-upgrade-olcne-utils