Lucene search
+L

5 matches found

Cvelist
Cvelist
added yesterday12 views

CVE-2026-50197 Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding: chunked / HTTP/2 requests

Skipper is an HTTP router and reverse proxy for service composition. Prior to 0.26.10, zalando/skipper's OpenPolicyAgent integration silently bypasses request-body inspection on HTTP/1.1 Transfer-Encoding: chunked and HTTP/2 requests that omit the content-length pseudo-header, because the...

7.8CVSS
Exploits0References4
CVE
CVE
added 2026/01/26 10:23 p.m.23 views

CVE-2026-24470

CVE-2026-24470 affects the Skipper HTTP router/reverse proxy. Before v0.24.0, when Skipper runs as an Ingress controller, users with Ingress and ExternalName Service permissions could create routes enabling Skipper’s network access to reach internal services. The issue is mitigated by disabling K...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.9 views

CVE-2022-27262

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS7.8AI score0.01964EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.8 views

CVE-2022-34296

In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...

7.5CVSS6.7AI score0.01094EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/04/12 5:15 p.m.3 views

CVE-2022-27262

An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS6.2AI score0.01964EPSS
Exploits1References3
Rows per page
Query Builder