This repository was archived by the owner on Mar 30, 2022. It is now read-only.
This repository was archived by the owner on Mar 30, 2022. It is now read-only.
3 critical CVSS even after upgrade to latest (1.7.7.1) #140
Description
Hi all,
We are running OWASP dependency checker and got 3 critical CVSS:
istio-common:1.7.7.1 | Istio Before 1.8.6 and 1.9.x Before 1.9.5 Contains a Remotely Exploitable Vulnerability Where an External Client Can Access Unexpected Services in the Cluster, Bypassing Authorization Checks, When a Gateway Is Configured With AUTO_PASSTHROUGH Routing Configuration.(in istio-common-1.7.7.1.jar)
| Location | Component Name | Component Version | Group |
|---|---|---|---|
| istio-common-1.7.7.1.jar | me.snowdrop:istio-common | 1.7.7.1 | N |
| 862 | CVE-2021-31921 |
|---|
Mitigation
Update me.snowdrop:istio-common:1.7.7.1 to at least the version recommended in the description
What is your recommendation to solve this?
Thanks!