istio
/
istio.io
mirror of https://github.com/istio/istio.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove consecutive blank line. (#4587)

This commit is contained in:
Joshua Blatt 2019-06-29 03:35:06 -07:00 committed by Martin Taillefer
parent 9a94b59061
commit 083d6a4ae4
1 changed files with 0 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
content/blog/2019/cve-2019-12995/index.md
View File

@ -44,7 +44,6 @@ Envoy is vulnerable if the following two conditions are satisfied:
The RSA algorithm used for signature verification does not contain any known security vulnerability. This CVE is triggered only when using this algorithm but is unrelated to the security of the system.
{{< /tip >}}
If JWT policy is applied to the Istio ingress gateway, please be aware that any external user who has access to the ingress gateway could crash it with a single HTTP request.
If JWT policy is applied to the sidecar only, please keep in mind it might still be vulnerable. For example, the Istio ingress gateway might forward the JWT token to the sidecar which could be a malformed JWT token that crashes the sidecar.