20 matches found
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: helm-push, spegel, docker-compose, tw, cluster-api-helm-controller, manifest-tool, datadog-agent, skaffold, kaniko, consul-k8s, wolfictl, dagger, envoy-gateway, helm-operator, linkerd2, neuvector-scanner, rancher-helm, syft, ctop, zarf, rancher-agent, tigera-operator...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: headlamp, grype-db, eks-node-monitoring-agent-fips, zarf, cloudbeat, opa-fips-envoy, buildkitd, docker-compose, scorecard, kubevela-fips, amazon-ecs-agent-fips, helm-fips, ctop, fuse-overlayfs-snapshotter, grype, headlamp-fips, gitlab-rails-ce, k8sgpt,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: db-operator, boring-registry, kpt, falcoctl, redpanda, cluster-api-provider-vsphere, cloud-provider-azure, buildah, litestream, terraform-provider-kubernetes, neuvector-scanner, docker-cli, k8s-device-plugin, smarter-device-manager, cosign, flux-source-controller,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: opensearch-k8s-operator, kpt, metacontroller, cluster-api-provider-vsphere, docker-credential-acr-env, docker-cli, cri-tools, knative-serving, kubeflow-katib, github-mcp-server, prometheus, pulumi-language-yaml, ip-masq-agent, docker-machine-driver-linode,...
GHSA-9F29-V6MM-PW6W vulnerabilities
Vulnerabilities for packages: opa-envoy...
CVE-2026-26205 vulnerabilities
Vulnerabilities for packages: opa-envoy...
CVE-2026-26205 vulnerabilities
Vulnerabilities for packages: opa-envoy, opa-fips-envoy...
GHSA-9F29-V6MM-PW6W vulnerabilities
Vulnerabilities for packages: opa-envoy, opa-fips-envoy...
GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin...
CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205
CVE-2026-26205 affects the opa-envoy-plugin for Envoy. Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with ‘//’ as authorities, which drops those segments from the parsed path. This crea...
opa-envoy-plugin security vulnerability
opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsed_path field was constructed, which could lead to mismatches in path...
GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: opensearch-k8s-operator, kpt, metacontroller, cluster-api-provider-vsphere, docker-credential-acr-env, docker-cli, grafana-alloy, cri-tools, gomplate, knative-serving, github-mcp-server, crossplane-provider-aws-sns, prometheus, azcopy, ip-masq-agent,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: helm-push, rancher-fleet, docker-compose, spegel, cluster-api-helm-controller, datadog-agent, skaffold, kaniko, consul-k8s, wolfictl, dagger, envoy-gateway, helm-operator, linkerd2, neuvector-scanner, syft, flux-source-controller, cert-manager-cmctl, nerdctl, ctop,...