Denial of service in Open Policy Agent · CVE-2022-33082 · GitHub Advisory Database · GitHub

Denial of service in Open Policy Agent

High severity GitHub Reviewed Published Jul 1, 2022 to the GitHub Advisory Database • Updated May 20, 2024

Package

github.com/open-policy-agent/opa (Go)

Affected versions

< 0.42.0

Patched versions

0.42.0

Description

An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

Published by the National Vulnerability Database

Jun 30, 2022

Published to the GitHub Advisory Database Jul 1, 2022

Reviewed Jul 6, 2022

Last updated May 20, 2024

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H