Lucene search
K

4 matches found

OSV
OSV
added 2026/06/30 6:9 p.m.4 views

GHSA-G4W6-VMGF-XQVX @cedar-policy/authorization-for-expressjs has an authorization bypass via query string manipulation

Summary @cedar-policy/authorization-for-expressjs is an open-source Express.js middleware that integrates Cedar authorization into Express applications by mapping HTTP requests to Cedar actions and evaluating authorization policies before allowing requests to proceed. An issue exists where, under...

8.8CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 2:38 p.m.13 views

CedarJava has type confusion vulnerability

Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary. Impact Record-to-Entity type confusion across the...

8.8CVSS6AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50976

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9.0 Description Improper input handling in the toCedarExpr method on Cedar Value types allows for Cedar-expression injection. The method fails to...

8.8CVSS6.2AI score
Exploits0References4
Packet Storm News
Packet Storm News
added 2025/04/20 12:0 a.m.7 views

Intent-Aware Authorization for Zero Trust CI/CD

This paper introduces intent-aware authorization for Zero Trust CI/CD systems. Identity establishes who is making the request, but additional signals are required to decide whether access should be granted. We describe a control loop architecture where policy engines such as OPA and Cedar evaluat...

6.9AI score
Exploits0
Rows per page
Query Builder