Lucene search
Veracode Vulnerability DatabaseVERACODE:36987HistorySep 09, 2022 - 3:20 a.m.
Protection Mechanism Bypass
2022-09-0903:20:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
61.6%
github.com/open-policy-agent/opa is vulnerable to a protection mechanism bypass. A remote attacker is able to bypass the protection set by WithUnsafeBuiltins function via use of the with keyword to create replicas of unsafe built-in functions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/open-policy-agent/opa | le | v0.43.0 | |
| github.com/open-policy-agent/opa | le | v0.43.0 |
References
github.com/open-policy-agent/opa/commit/25a597bc3f4985162e7f65f9c36599f4f8f55823
github.com/open-policy-agent/opa/commit/3e8c754ed007b22393cf65e48751ad9f6457fee8
github.com/open-policy-agent/opa/pull/4540
github.com/open-policy-agent/opa/pull/4616
github.com/open-policy-agent/opa/pull/5101
github.com/open-policy-agent/opa/releases/tag/v0.43.1
github.com/open-policy-agent/opa/security/advisories/GHSA-f524-rf33-2jjr
Related
cve
cve
CVE-2022-36085
2022-09-08 14:15:08
github
github
prion
prion
Design/Logic Flaw
2022-09-08 14:15:00
osv
osv
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
2022-09-16 17:42:47
CVE-2022-36085
2022-09-08 14:15:08
Protection bypass in github.com/open-policy-agent/opa
2022-09-13 17:40:16
cvelist
cvelist
nvd
nvd
CVE-2022-36085
2022-09-08 14:15:08
redhatcve
redhatcve
CVE-2022-36085
2022-09-09 09:13:08