3 matches found
CVE-2026-23742
CVE-2026-23742 affects the Skipper HTTP router/proxy. The default -lua-sources=inline in versions before 0.23.0 lets untrusted users inject Lua filters that can read the host filesystem and, via logs, exfiltrate skipper secrets, potentially enabling arbitrary code execution. The issue is resolved...
CVE-2026-23742 Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
CVE-2026-23742 Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...