20 matches found
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, kube-arangodb, eksctl, consul-k8s, kubescape, helm-mapkubeapis, spegel, linkerd2, teleport, wolfictl, neuvector-scanner, docker, k9s, kubescape-operator, opa, rancher-agent, envoy-gateway, helm, kaniko, datadog-agent, tigera-operator,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: trivy, kubescape-operator-fips, datadog-agent, newrelic-infrastructure-agent, livekit-cli, neuvector-scanner, scorecard, manifest-tool, opa, docker-compose, gogatekeeper, kubescape-server, eks-node-monitoring-agent, kaniko-fips, opa-fips-envoy, google-osconfig-agent,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: tofu-controller, secrets-store-csi-driver-provider-aws, volume-modifier-for-k8s, dgraph, kube-arangodb, telegraf, spicedb-operator, eksctl, mc, rabbitmq-messaging-topology-operator, dbmate, boring-registry, kserve-modelmesh-serving, kserve-rest-proxy, rancher-agent,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, infinispan-operator, kubernetes-dashboard-metrics-scraper, eksctl, mc, flux-operator, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, kubeflow-katib, sftpgo,...
GHSA-9F29-V6MM-PW6W vulnerabilities
Vulnerabilities for packages: opa-envoy...
CVE-2026-26205 vulnerabilities
Vulnerabilities for packages: opa-envoy...
GHSA-9F29-V6MM-PW6W vulnerabilities
Vulnerabilities for packages: opa-envoy, opa-fips-envoy...
CVE-2026-26205 vulnerabilities
Vulnerabilities for packages: opa-envoy, opa-fips-envoy...
GO-2026-4506 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path in github.com/open-policy-agent/opa-envoy-plugin...
CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
CVE-2026-26205
CVE-2026-26205 affects opa-envoy-plugin, the plugin that enforces OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 construct input.parsed_path by treating HTTP request paths as full URIs and interpreting leading segments with ‘//’ as authorities, which drops those segments from the parsed path. This crea...
CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`
opa-envoy-plugin is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...
opa-envoy-plugin security vulnerability
opa-envoy-plugin is a plugin developed by Open Policy Agent. Versions of opa-envoy-plugin prior to 1.13.2-envoy-2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the way the input.parsed_path field was constructed, which could lead to mismatches in path...
opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...
GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path
A security vulnerability has been discovered in how the input.parsed_path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, gptscript, infinispan-operator, kubernetes-dashboard-metrics-scraper, vcluster, mc, wolfictl, flux-operator, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, metrics-server, sftpgo,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, eksctl, kubescape, spegel, linkerd2, wolfictl, neuvector-scanner, docker, opa, envoy-gateway, helm, kaniko, rancher-fleet, datadog-agent, trivy, skaffold, flux-helm-controller, k8ssandra-client, k3s, docker-compose, kubevela,...