125 matches found
BIT-CONTOUR-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...
Contour has Lua code injection via Cookie Path Rewrite Policy
Impact: Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...
EUVD-2026-25280
Contour has Lua code injection via Cookie Path Rewrite Policy...
CVE-2026-41246
A flaw was found in Contour, a Kubernetes ingress controller. An attacker with Role-Based Access Control (RBAC) permissions to manage HTTPProxy resources can exploit a Lua code injection vulnerability within Contour's Cookie Rewriting feature. By crafting a malicious value in specific configuration...
CVE-2026-41246
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...
CVE-2026-41246 Contour: Lua code injection via Cookie Path Rewrite Policy
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in...
CVE-2026-41246
Contour’s Cookie Rewriting feature (Envoy Lua filter) is vulnerable to Lua code injection from v1.19.0 up to before v1.33.4, v1.32.5, and v1.31.6. An attacker with RBAC to create/modify HTTPProxy resources can inject values into spec.routes[].cookieRewritePolicies[].pathRewrite.value (or services...
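An audit check added here as a worked example; it is not code from the advisory or from the Contour project. It walks the output of `kubectl get httpproxy -A -o json`, flags any cookieRewritePolicies value that contains characters a normal cookie Path or Domain never needs (quotes, backslashes, newlines, brackets), and classifies a running Contour version against the fixed releases the entry above names (v1.31.6, v1.32.5, v1.33.4). The field layout for route-level and service-level cookieRewritePolicies, pathRewrite.value and domainRewrite.value follows Contour's HTTPProxy API as assumed here; the allowlists are this script's own conservative choice, not the precise injection condition from the advisory, and the sample manifests are constructed.

```python
"""Audit HTTPProxy cookie rewrite policies and classify a Contour version.

Added example, not Contour project code. Field names are assumed from the
HTTPProxy API; the allowlists below are this audit's choice, not the
advisory's definition of a malicious value.
"""
import json
import re
import sys

# A normal cookie Path needs little more than these characters, so quotes,
# backslashes, newlines, "]]" and similar stand out for manual review.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._~%/-]*$")
SAFE_DOMAIN = re.compile(r"^\.?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")

# Affected range from the advisory: v1.19.0 up to (not including) these releases.
FIRST_AFFECTED = (1, 19, 0)
FIXED_PATCH = {31: 6, 32: 5, 33: 4}


def parse_version(version):
    """'v1.33.2' or '1.33.2' -> (1, 33, 2)."""
    parts = version.lstrip("v").split(".")
    return tuple(int(p) for p in parts[:3])


def is_affected(version):
    """True when the advisory's affected range covers this Contour release."""
    major, minor, patch = parse_version(version)
    if (major, minor, patch) < FIRST_AFFECTED or major != 1:
        return False
    if minor in FIXED_PATCH:
        return patch < FIXED_PATCH[minor]
    # 1.19 through 1.30 never received a patched release; anything newer than
    # 1.33 is assumed (assumption of this script) to already carry the fix.
    return minor < 31


def check_policies(policies, where, owner, findings):
    """Append one finding per rewrite value that falls outside the allowlist."""
    for i, policy in enumerate(policies or []):
        for field, pattern in (("pathRewrite", SAFE_PATH), ("domainRewrite", SAFE_DOMAIN)):
            value = (policy.get(field) or {}).get("value")
            if value is None:
                continue
            if not pattern.fullmatch(value):
                findings.append({
                    "namespace": owner["namespace"],
                    "name": owner["name"],
                    "location": f"{where}.cookieRewritePolicies[{i}].{field}.value",
                    "value": value,
                })


def audit_httpproxies(doc):
    """doc is the object `kubectl get httpproxy -A -o json` prints (an items list)."""
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        owner = {"namespace": meta.get("namespace", ""), "name": meta.get("name", "")}
        for r, route in enumerate(item.get("spec", {}).get("routes", []) or []):
            check_policies(route.get("cookieRewritePolicies"), f"spec.routes[{r}]", owner, findings)
            for s, svc in enumerate(route.get("services", []) or []):
                check_policies(svc.get("cookieRewritePolicies"),
                               f"spec.routes[{r}].services[{s}]", owner, findings)
    return findings


# Constructed sample in the shape of `kubectl get httpproxy -A -o json` output:
# one clean route and one whose rewrite values contain a quote and a newline.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "checkout"},
     "spec": {"routes": [
         {"conditions": [{"prefix": "/"}],
          "cookieRewritePolicies": [{"name": "session", "pathRewrite": {"value": "/checkout"}}],
          "services": [{"name": "checkout", "port": 80,
                        "cookieRewritePolicies": [{"name": "cart",
                                                   "domainRewrite": {"value": "shop.example.com"}}]}]},
         {"conditions": [{"prefix": "/legacy"}],
          "cookieRewritePolicies": [{"name": "legacy", "pathRewrite": {"value": '/legacy"x'}}],
          "services": [{"name": "legacy", "port": 80,
                        "cookieRewritePolicies": [{"name": "old",
                                                   "domainRewrite": {"value": "shop.example.com\nx"}}]}]},
     ]}},
]}


if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit_httpproxies(doc):
        print(f"{f['namespace']}/{f['name']}: {f['location']} = {f['value']!r}")
```

Pipe live cluster output into the script (`kubectl get httpproxy -A -o json | python3 audit_cookie_rewrite.py`) to list values worth reviewing; a hit means a value that no legitimate cookie path or domain needs, not proof that it is an injection, and on an affected version the remedy remains upgrading to v1.31.6, v1.32.5 or v1.33.4 and tightening who may write HTTPProxy resources.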
Contour Code Injection Vulnerability
Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie Rewriting feature, which was vulnerable t...
PT-2026-34726
Name of the Vulnerable Software and Affected Versions: Contour versions 1.19.0 through 1.31.5; Contour versions 1.32.0 through 1.32.4; Contour versions 1.33.0 through 1.33.3. Description: The Cookie Rewriting feature is susceptible to Lua code injection. An attacker with RBAC permissions to create or...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: neuvector-scanner, nginx-prometheus-exporter, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, gh, kaf, tofu-controller, terraform, ingress-nginx-controller,...
CVE-2026-33186 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, k3s, kube-rbac-proxy, azurefile-csi, tempo, cass-operator, temporal-server, kubernetes-csi-livenessprobe,...
GHSA-P77J-4MVH-X3M3 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, terraform-provider-google, k3s, kube-rbac-proxy, azurefile-csi, tempo, cass-operator, temporal-server, kubernetes-csi-livenessprobe,...
GHSA-P77J-4MVH-X3M3 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, pgwatch, jobset-fips, kube-logging-operator, amazon-k8s-cni-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, cluster-api-provider-vsphere, yunikorn-k8shim, prometheus-stackdriver-exporter,...
CVE-2026-33186 vulnerabilities
Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, pgwatch, jobset-fips, kube-logging-operator, amazon-k8s-cni-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, cluster-api-provider-vsphere, yunikorn-k8shim, prometheus-stackdriver-exporter,...
OPENSUSE-SU-2026:20235-1 Security update for fontforge
This update for fontforge fixes the following issues: Update to version 20251009. Security issues fixed: - CVE-2025-15279: remote code execution via heap-based buffer overflow in BMP file parsing (bsc#1256013). - CVE-2025-15269: remote code execution via use-after-free in SFD file parsing (bsc#1256032)...
GHSA-RJCG-56PH-3QVG vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, ipfs-cluster, kaf, prometheus-blackbox-exporter, whereabouts, kube-rbac-proxy, azurefile-csi, incert, spark-operator, hey, mongodb-kubernetes-operator, envconsul, kubernetes-csi-livenessprobe, manifest-tool,...
GHSA-JWMF-CHVC-RF92 vulnerabilities
Vulnerabilities for packages: azure-ipam, grafana-pyroscope, ipfs-cluster, kaf, prometheus-blackbox-exporter, whereabouts, kube-rbac-proxy, azurefile-csi, incert, spark-operator, hey, mongodb-kubernetes-operator, envconsul, kubernetes-csi-livenessprobe, manifest-tool,...
GHSA-447V-2QG4-H8HC vulnerabilities
Vulnerabilities for packages: azure-ipam, hello-world-golang, grafana-pyroscope, ipfs-cluster, guac, mkcert, prometheus-pushgateway, cilium-certgen, tofu-controller, glow, gatekeeper, kaf, yunikorn-k8shim, terraform, protoc-gen-go, prometheus-blackbox-exporter, timoni, terraform-provider-sendgrid...