12 matches found
EUVD-2023-1500
Malicious code in bioql PyPI...
EUVD-2022-4162
Malicious code in bioql PyPI...
BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...
GHSA-VG63-W3P9-JC9M ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to...
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note th...
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in the...
CVE-2025-24513
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...
CVE-2025-24514
CVE-2025-24514 describes an unauthenticated vulnerability in ingress-nginx where the auth-url annotation injection can modify NGINX config, enabling arbitrary code execution in the ingress-nginx controller and disclosure of controller Secrets. Public PoCs/exploits exist (e.g., Exploit-DB entry 52...
CVE-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or...
CVE-2025-24513
Technical details for CVE-2025-24513 are not provided in the given documents. Monitor for updates and subsequent disclosures to obtain affected products, root cause, impact, and fixes.
EUVD-2025-8034
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
PT-2025-12717
Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description A security issue exists in ingress-nginx where the auth-url Ingress annotation can be exploited to inject configuration into nginx...