83 matches found
SUSE CVE-2026-23742
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
SUSE CVE-2026-24470
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
PT-2026-6504
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...
CVE-2026-24470
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches https://github.com/zalando/skipper/releases/tag/v0.24.0...
GHSA-MXXC-P822-2HX9 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches https://github.com/zalando/skipper/releases/tag/v0.24.0...
CVE-2026-24470
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
CVE-2026-24470
CVE-2026-24470 affects the Skipper HTTP router/reverse proxy. Before v0.24.0, when Skipper runs as an Ingress controller, users with Ingress and ExternalName Service permissions could create routes enabling Skipper’s network access to reach internal services. The issue is mitigated by disabling K...
CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...
PT-2026-4831
Name of the Vulnerable Software and Affected Versions Skipper versions prior to 0.24.0 Description Skipper is an HTTP router and reverse proxy for service composition. When operating as an Ingress controller, users with the ability to create Ingress resources and Services of type ExternalName can...
Skipper code issue vulnerabilities
Skipper is an open-source HTTP router and reverse proxy developed by Zalando SE for service combinations. Versions of Skipper prior to 0.24.0 had code vulnerabilities due to improper permission configuration, which could allow users to create routes to access internal services...
GHSA-CC8M-98FM-RC9G Skipper is vulnerable to arbitrary code execution through lua filters
Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...
Arbitrary Code Injection
Overview github.com/zalando/skipper is a HTTP router and reverse proxy for service composition Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...
CVE-2026-23742
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
EUVD-2026-2860
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...
CVE-2026-23742 Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The...