5 matches found
CVE-2022-33082
CVE-2022-33082 affects Open Policy Agent (OPA). The issue is in the AST parser (ast/compile.go) and can cause a Denial of Service when processing specially crafted input, specifically for OPA v0.10.2. Multiple connected sources corroborate a DoS risk from the AST parser, with no public details on...
CVE-2022-28946
Open Policy Agent CVE-2022-28946 affects v0.39.0, due to a bug in ast/parser.go that causes the application to misinterpret expressions, leading to a Denial of Service via out-of-range memory access. The NVD metrics show a CVSS 3.1 base score of 7.5 (Network, Low attack complexity, No privileges ...
CVE-2024-8260
Technical details for CVE-2024-8260 are not publicly available in the provided connected documents. The initial description mentions OPA on Windows and an SMB force-authentication issue, but no concrete affected versions, impact, exploit data, or fixes are given here. Monitor for updates.
CVE-2022-36085
Summary: CVE-2022-36085 affects the Open Policy Agent (OPA) Rego compiler. A bypass exists where the with keyword can mock unsafe built-ins, not always respected by the deprecated WithUnsafeBuiltins mechanism. This requires multiple conditions to provoke an adverse effect and has been demonstrate...
CVE-2022-23628
Summary (CVE-2022-23628) : The issue in Open Policy Agent (OPA) concerns the pretty-printing of an AST that contains synthetic nodes, which can reorder array literals and change policy logic under a very specific set of conditions. The three conditions must all be met: (1) an AST is created progr...