Istio before 1.1.13 and 1.2.x before 1.2.4 mishandles regular expressions for long URIs, leading to a denial of service during use of the JWT, VirtualService, HTTPAPISpecBinding, or QuotaSpecBinding API. Upstream Issue: https://github.com/envoyproxy/envoy/issues/7728 References: https://istio.io/news/2019/istio-security-003-004/
External References: https://istio.io/news/2019/istio-security-003-004/
Used FixCVE names as this was released in an RHEA: https://access.redhat.com/errata/RHEA-2020:1416