CVE-2024-8260
- EPSS 0.14%
- Veröffentlicht 30.08.2024 13:15:12
- Zuletzt bearbeitet 19.09.2024 16:08:58
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of improper input validation, allowing a user to pass an arbitrary SMB share instead of a Rego file as an argument t...
CVE-2022-36085
- EPSS 1.36%
- Veröffentlicht 08.09.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:12:21
Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins` function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such re...
CVE-2022-33082
- EPSS 1.09%
- Veröffentlicht 30.06.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:07:30
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2022-28946
- EPSS 0.43%
- Veröffentlicht 19.05.2022 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:58:13
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
CVE-2022-23628
- EPSS 0.31%
- Veröffentlicht 09.02.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:48:58
OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies im...