2 matches found
CVE-2023-37918
CVE-2023-37918 affects Dapr and describes an API-token authentication bypass in HTTP endpoints when API token authentication is enabled. The root cause involves health check endpoint allowlisting, where requests containing /healthz in the URL could bypass the dapr-api-token check and reach the Da...
CVE-2026-41491
CVE-2026-41491 affects Dapr. An ACL bypass vulnerability in service invocation lets an attacker exploit reserved URL characters and path traversal sequences in method paths, causing the access control policy to be evaluated against a different path than what the target application receives. The m...