Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an untrusted upstream service could cause Envoy to terminate abnormally by sending the GOAWAY frame followed by the SETTINGS frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0.
Envoy, as used by Istio before version 1.11.1, contains a remotely exploitable vulnerability where an untrusted upstream service could cause Envoy to terminate abnormally by sending the GOAWAY frame followed by the SETTINGS frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0.
https://istio.io/latest/news/security/istio-security-2021-008/#cve-2021-32780