Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/19 2:39 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the toCedarExpr method, which does not escape special characters when converting values to source code. An attacker can inject arbitrary expressions by supplying specially crafted input, potentially altering...

8.8CVSS6AI score0.00294EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 2:39 p.m.11 views

CedarJava has policy injection vulnerability

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow policy injection. Impact Cedar-expression injection via unescaped toCedarExpr The toCedarExpr metho...

8.8CVSS6.2AI score0.00294EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/19 2:38 p.m.5 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through improper handling of reserved keys in the JSON protocol when serializing CedarMap. An attacker can cause unauthorized access or manipulation of data by supplying...

8.8CVSS5.8AI score0.0048EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50975

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...

8.8CVSS6.1AI score0.0048EPSS
Exploits0References4
Rows per page
Query Builder