Skipper Security Vulnerabilities

CVE-2022-27262

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).