Lucene search
K
OpenpolicyagentOpen Policy Agent

5 matches found

CVE
CVE
added 2022/06/30 9:50 p.m.316 views

CVE-2022-33082

CVE-2022-33082 affects Open Policy Agent (OPA). The issue is in the AST parser (ast/compile.go) and can cause a Denial of Service when processing specially crafted input, specifically for OPA v0.10.2. Multiple connected sources corroborate a DoS risk from the AST parser, with no public details on...

7.5CVSS7.1AI score0.01673EPSS
CVE
CVE
added 2022/05/19 6:3 p.m.313 views

CVE-2022-28946

Open Policy Agent CVE-2022-28946 affects v0.39.0, due to a bug in ast/parser.go that causes the application to misinterpret expressions, leading to a Denial of Service via out-of-range memory access. The NVD metrics show a CVSS 3.1 base score of 7.5 (Network, Low attack complexity, No privileges ...

7.5CVSS7.3AI score0.0095EPSS
CVE
CVE
added 2024/08/30 12:22 p.m.295 views

CVE-2024-8260

Technical details for CVE-2024-8260 are not publicly available in the provided connected documents. The initial description mentions OPA on Windows and an SMB force-authentication issue, but no concrete affected versions, impact, exploit data, or fixes are given here. Monitor for updates.

7.3CVSS6.8AI score0.00321EPSS
CVE
CVE
added 2022/09/08 1:30 p.m.277 views

CVE-2022-36085

Summary: CVE-2022-36085 affects the Open Policy Agent (OPA) Rego compiler. A bypass exists where the with keyword can mock unsafe built-ins, not always respected by the deprecated WithUnsafeBuiltins mechanism. This requires multiple conditions to provoke an adverse effect and has been demonstrate...

9.8CVSS8.5AI score0.0127EPSS
CVE
CVE
added 2022/02/09 9:50 p.m.171 views

CVE-2022-23628

Summary (CVE-2022-23628) : The issue in Open Policy Agent (OPA) concerns the pretty-printing of an AST that contains synthetic nodes, which can reorder array literals and change policy logic under a very specific set of conditions. The three conditions must all be met: (1) an AST is created progr...

6.3CVSS5.3AI score0.0103EPSS