3 matches found
GHSA-9PC8-M4VP-GGVF Artifact Hub allows unsafe rego built-in
Impact During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations ...
Protection Mechanism Bypass
github.com/open-policy-agent/opa is vulnerable to a protection mechanism bypass. A remote attacker is able to bypass the protection set by WithUnsafeBuiltins function via use of the with keyword to create replicas of unsafe built-in functions...
CVE-2022-36085 OPA Compiler: Bypass of WithUnsafeBuiltins using `with` keyword to mock functions
Open Policy Agent OPA is an open source, general-purpose policy engine. The Rego compiler provides a deprecated WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy...