GO-2022-1086 Server-side request forger via X-Skipper-Proxy in github.com/zalando/skipper

An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the http request...

Cross-site Scripting (XSS)

github.com/zalando/skipper is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to bypass a query predicate via a maliciously crafted request...