{"id":"GHSA-vc7h-cmp3-4hw5","summary":"Istio vulnerable to denial of service","details":"Istio 1.3.x before 1.3.5 is vulnerable to denial of service because `continue_on_listener_filters_timeout` is set to True, a related issue to CVE-2019-18836.","aliases":["CVE-2019-18817"],"modified":"2023-11-08T04:01:26.271919Z","published":"2022-05-24T22:01:14Z","database_specific":{"cwe_ids":["CWE-835"],"nvd_published_at":"2019-11-12T14:15:00Z","github_reviewed":true,"github_reviewed_at":"2023-10-19T18:09:28Z","severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18817"},{"type":"WEB","url":"https://github.com/istio/istio/issues/18229"},{"type":"WEB","url":"https://github.com/istio/istio/issues/18229#issuecomment-553190142"},{"type":"WEB","url":"https://github.com/istio/istio/commit/7570a1f5b56c108aed6ecfa5d2a6048f444bfb37"},{"type":"PACKAGE","url":"https://github.com/istio/istio"},{"type":"WEB","url":"https://istio.io/news/2019/announcing-1.3.5"}],"affected":[{"package":{"name":"istio.io/istio","ecosystem":"Go","purl":"pkg:golang/istio.io/istio"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.3.0"},{"fixed":"1.3.5"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vc7h-cmp3-4hw5/GHSA-vc7h-cmp3-4hw5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}