26 matches found
GO-2026-4327 Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper
Skipper is vulnerable to arbitrary code execution through lua filters in github.com/zalando/skipper...
GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...
Arbitrary Code Injection
Overview: github.com/zalando/skipper is an HTTP router and reverse proxy for service composition. Affected versions of this package are vulnerable to Arbitrary Code Injection via the default configuration -lua-sources=inline,file. An attacker can execute arbitrary code and access sensitive files by...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
EUVD-2022-6139
Malicious code in bioql PyPI...
CVE-2022-34296
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...
GO-2022-0494 Query predicate bypass in Zalando Skipper in github.com/zalando/skipper
Query predicate bypass in Zalando Skipper in github.com/zalando/skipper...
GO-2022-1086 Server-side request forgery via X-Skipper-Proxy in github.com/zalando/skipper
An attacker can access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Proxy to the HTTP request...
Server-side Request Forgery (SSRF)
github.com/zalando/skipper is vulnerable to server-side request forgery. The vulnerability exists because proxy.go does not properly pass URLs via the request context, allowing an attacker to redirect to the malicious URLs through the X-Skipper-Proxy header...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
Server-side request forgery (SSRF)
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
Skipper code issue vulnerability
Skipper is an HTTP router and reverse proxy for service portfolios. A security vulnerability exists in Zalando Skipper version v0.13.236 that stems from vulnerability to server-side request forgery (SSRF) attacks...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF) via the X-Skipper-Proxy header. Multiple sources (Red Hat, OSV, ExploitDB, GHSA advisory) describe an SSRF condition allowing an attacker to access internal endpoints (e.g., AWS metadata) by sending requests with a craf...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
PT-2022-24469 · Zalando · Zalando Skipper
Name of the Vulnerable Software and Affected Versions: Zalando Skipper versions prior to v0.13.237. Description: The issue allows an attacker to exploit a vulnerable version of the proxy to access the internal metadata server or other unauthenticated URLs by adding a specific header X-Skipper-Prox...
CVE-2022-38580
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF)...
Cross-site Scripting (XSS)
github.com/zalando/skipper is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to bypass a query predicate via a maliciously crafted request...
Query predicate bypass in Zalando Skipper
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...
GHSA-QX2J-85Q5-FFP8 Query predicate bypass in Zalando Skipper
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request...