{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Red Hat OpenShift Service Mesh pour Power 2.1 for RHEL 8 ppc64le",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Service Mesh 2.1 pour RHEL 8 x86_64",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    },
    {
      "description": "Red Hat OpenShift Service Mesh pour IBM Z 2.1 for RHEL 8 s390x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29224"
    },
    {
      "name": "CVE-2022-29226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29226"
    },
    {
      "name": "CVE-2022-23806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
    },
    {
      "name": "CVE-2022-23773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
    },
    {
      "name": "CVE-2022-23772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
    },
    {
      "name": "CVE-2022-31045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31045"
    },
    {
      "name": "CVE-2022-29228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29228"
    },
    {
      "name": "CVE-2022-29225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29225"
    }
  ],
  "initial_release_date": "2022-06-14T00:00:00",
  "last_revision_date": "2022-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-543",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 RHSA-2022:5004 du 13 juin 2022",
      "url": "https://access.redhat.com/errata/RHSA-2022:5004"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2022-31045",
    "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.",
    "id": "GSD-2022-31045",
    "references": [
      "https://access.redhat.com/errata/RHSA-2022:5004"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31045"
      ],
      "details": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.",
      "id": "GSD-2022-31045",
      "modified": "2023-12-13T01:19:17.315094Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-31045",
        "STATE": "PUBLIC",
        "TITLE": "Ill-formed headers may lead to unexpected behavior in Istio"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "istio",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.12.18"
                        },
                        {
                          "version_value": "\u003e= 1.13.0, \u003c 1.13.5"
                        },
                        {
                          "version_value": "\u003e= 1.14.0, \u003c 1.14.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "istio"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125: Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x",
            "refsource": "CONFIRM",
            "url": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x"
          },
          {
            "name": "https://istio.io/latest/news/security/istio-security-2022-05",
            "refsource": "MISC",
            "url": "https://istio.io/latest/news/security/istio-security-2022-05"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-xwx5-5c9g-x68x",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.12.8||\u003e=1.13.0 \u003c1.13.5||=1.14.0",
          "affected_versions": "All versions before 1.12.8, all versions starting from 1.13.0 before 1.13.5, all versions starting from 1.14.0 before 1.14.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2022-06-17",
          "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.",
          "fixed_versions": [
            "1.12.8",
            "1.13.5",
            "1.14.1"
          ],
          "identifier": "CVE-2022-31045",
          "identifiers": [
            "CVE-2022-31045",
            "GHSA-xwx5-5c9g-x68x"
          ],
          "not_impacted": "All versions starting from 1.12.8 before 1.13.0, all versions starting from 1.13.5 before 1.14.0, all versions starting from 1.14.1",
          "package_slug": "go/github.com/istio/istio",
          "pubdate": "2022-06-09",
          "solution": "Upgrade to versions 1.12.8, 1.13.5, 1.14.1 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31045",
            "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x",
            "https://istio.io/latest/news/security/istio-security-2022-05"
          ],
          "uuid": "00e7f605-edda-4bdd-a66b-ef0434441aef"
        },
        {
          "affected_range": "\u003c1.12.18||\u003e=1.13.0 \u003c1.13.5||\u003e=1.14.0 \u003c1.14.1",
          "affected_versions": "All versions before 1.12.18, all versions starting from 1.13.0 before 1.13.5, all versions starting from 1.14.0 before 1.14.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-125",
            "CWE-937"
          ],
          "date": "2022-06-10",
          "description": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue.",
          "fixed_versions": [
            "1.12.18",
            "1.13.5",
            "1.14.1"
          ],
          "identifier": "CVE-2022-31045",
          "identifiers": [
            "GHSA-xwx5-5c9g-x68x",
            "CVE-2022-31045"
          ],
          "not_impacted": "All versions starting from 1.12.18 before 1.13.0, all versions starting from 1.13.5 before 1.14.0, all versions starting from 1.14.1",
          "package_slug": "go/istio.io/istio",
          "pubdate": "2022-06-10",
          "solution": "Upgrade to versions 1.12.18, 1.13.5, 1.14.1 or above.",
          "title": "Out-of-bounds Read",
          "urls": [
            "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31045",
            "https://istio.io/latest/news/security/istio-security-2022-05",
            "https://github.com/advisories/GHSA-xwx5-5c9g-x68x"
          ],
          "uuid": "2cae3a7a-164e-4d4a-863d-ad0aa0bcc477"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:istio:istio:1.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.13.5",
                "versionStartIncluding": "1.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.12.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31045"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x"
            },
            {
              "name": "https://istio.io/latest/news/security/istio-security-2022-05",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://istio.io/latest/news/security/istio-security-2022-05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-17T15:03Z",
      "publishedDate": "2022-06-09T21:15Z"
    }
  }
}

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FE07EC-28B8-4AFC-AA7D-8B0391DDB4A6",
              "versionEndExcluding": "1.12.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAE9F00-BB58-4216-B7E3-4B38BCBE83EB",
              "versionEndExcluding": "1.13.5",
              "versionStartIncluding": "1.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:istio:istio:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A44594E-B558-462E-ACF4-D1DCAFC7D638",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue."
    },
    {
      "lang": "es",
      "value": "Istio es una plataforma abierta para conectar, gestionar y asegurar microservicios. En las versiones afectadas, las cabeceras mal formadas enviadas a Envoy en ciertas configuraciones pueden conducir a un acceso inesperado a la memoria, lo que resulta en un comportamiento indefinido o un bloqueo. Los usuarios est\u00e1n en mayor riesgo si tienen un Gateway de entrada de Istio expuesto al tr\u00e1fico externo. Esta vulnerabilidad se ha resuelto en las versiones 1.12.8, 1.13.5 y 1.14.1. Se recomienda a los usuarios que actualicen. No hay soluciones conocidas para este problema"
    }
  ],
  "id": "CVE-2022-31045",
  "lastModified": "2024-11-21T07:03:46.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-06-09T21:15:07.847",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://istio.io/latest/news/security/istio-security-2022-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://istio.io/latest/news/security/istio-security-2022-05"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "istio.io/istio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.14.0"
            },
            {
              "fixed": "1.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31045"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-10T19:53:55Z",
    "nvd_published_at": "2022-06-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nIll-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.\n\nYou are at most risk if you have an Istio ingress Gateway exposed to external traffic.\n\n### Patches\n1.12.8, 1.13.5, 1.14.1\n\n### Workarounds\nNo.\n\n### References\nMore details can be found in the [Istio Security Bulletin](https://istio.io/latest/news/security/istio-security-2022-05)\n\n### For more information\nIf you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)\n",
  "id": "GHSA-xwx5-5c9g-x68x",
  "modified": "2022-06-10T19:53:55Z",
  "published": "2022-06-10T19:53:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/istio/istio/security/advisories/GHSA-xwx5-5c9g-x68x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31045"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/istio/istio"
    },
    {
      "type": "WEB",
      "url": "https://istio.io/latest/news/security/istio-security-2022-05"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ill-formed headers may lead to unexpected behavior in Istio"
}